[PATCH 2/2] Fix SELinux AVCs on paste hosts due to httpd trying to connect to mysql

Mahrud Sayrafi dinovirus+NOSPAM at gmail.com
Fri Mar 15 22:41:51 UTC 2013


From: Mahrud Sayrafi <dinovirus at gmail.com>

 Sample AVC:
 Mar 14 05:37:53 paste01.phx2.fedoraproject.org tag_audit_log: node=10.5.126.59 type=AVC msg=audit(1363239466.136:23868): avc:  denied  { name_connect } for  pid=22371 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
 Almost all of the AVCs from that host are due to this problem.

---
 modules/sticky-notes/manifests/init.pp |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/modules/sticky-notes/manifests/init.pp b/modules/sticky-notes/manifests/init.pp
index f8d7d44..cad4443 100644
--- a/modules/sticky-notes/manifests/init.pp
+++ b/modules/sticky-notes/manifests/init.pp
@@ -84,6 +84,10 @@ class sticky-notes {
     require => Package["sticky-notes"],
   }
 
+  selboolean { "httpd_can_network_connect_db":
+    persistent => true,
+    value      => on,
+  }
 } 
 
 # Proxy setup
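
Review bot: The new selboolean resource at the end of class sticky-notes carries no comment saying why it is set, and httpd_can_network_connect_db is wider than the denial quoted in the commit message: it lets httpd_t connect to the database port types in the policy generally, not only mysqld_port_t on 3306. That is still the narrowest stock boolean for this case and far better than httpd_can_network_connect, so the change looks right, but please add a one-line comment above the resource naming the AVC it answers (httpd_t name_connect to mysqld_port_t, dest=3306) so a later reader can tell whether it is still needed once the paste application or its database moves. Two small style points in the same block: quote the value as "on" to match the quoted resource title, and leave a blank line before the closing brace of the class as the preceding resource does.
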
-- 
1.7.2.1


