selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
New commits: commit c8588264c801e5cddaa288e8ef17ae839ff32e7e Author: Jan Pazdziora jpazdziora@redhat.com Date: Thu May 28 11:49:07 2009 +0200
500330 - allow httpd_sys_script_t to bind to loopback as well.
Addressing type=AVC msg=audit(1242117348.626:800): avc: denied { node_bind } for pid=1540 comm="upload_results." saddr=127.0.0.1 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:lo_node_t:s0 tclass=udp_socket
diff --git a/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te b/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te index 618ec8b..483b668 100644 --- a/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te +++ b/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te @@ -117,7 +117,7 @@ allow spacewalk_monitoring_t http_port_t:tcp_socket name_connect; read_files_pattern(httpd_t, spacewalk_monitoring_conf_t, spacewalk_monitoring_conf_t)
allow httpd_sys_script_t spacewalk_monitoring_conf_t:file { read ioctl getattr }; -allow httpd_sys_script_t node_t:udp_socket node_bind; +corenet_udp_bind_all_nodes(httpd_sys_script_t)
auth_dontaudit_read_shadow(spacewalk_monitoring_t)
spacewalk-commits@lists.fedorahosted.org