SELinux Blocking Ping

Ted Rule ejtr at layer3.co.uk
Fri Feb 22 15:48:46 UTC 2013


I've had something similar work with this sort of extra policy.

$ cat localhttpping.te
##############################################
module localhttpping 1.0.4;

require {
       type httpd_sys_script_t;
       type ping_t;
       type ping_exec_t;
       class process { transition };
}

allow httpd_sys_script_t ping_t:process transition;
domain_auto_trans(httpd_sys_script_t,ping_exec_t,ping_t);
$

This was from a CGI shell script, so if it's coming via PHP it might be
in httpd_t rather than httpd_sys_script_t.




-- 
Ted Rule

Director, Layer3 Systems Ltd
Layer3 Systems Limited is registered in England.  Company no 3130393
43 Pendle Road, Streatham, London, SW16 6RT

Tel: 020-8769-4484
Mob: 07946-908914
GPG Fingerprint = 9227:3434:b51d:c7a1:eea6:21e2:418a:8997:c104:7566

E: ejtr at layer3.co.uk
W: http://www.layer3.co.uk/
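
Added example, not part of the original message: a Python check for the httpd_t versus httpd_sys_script_t question raised above, which reads AVC denials and reports which source domain was actually denied access to the ping types, so the module's source type can be matched to it. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not taken from the original thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1361548001.101:410): avc:  denied  { execute } for  pid=2101 comm="sh" name="ping" dev="dm-0" ino=1312 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:ping_exec_t:s0 tclass=file
type=AVC msg=audit(1361548002.207:411): avc:  denied  { execute_no_trans } for  pid=2140 comm="httpd" path="/bin/ping" dev="dm-0" ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ping_exec_t:s0 tclass=file
type=AVC msg=audit(1361548003.310:412): avc:  denied  { transition } for  pid=2141 comm="httpd" path="/bin/ping" dev="dm-0" ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:ping_t:s0 tclass=process
type=AVC msg=audit(1361548004.000:413): avc:  denied  { read } for  pid=2200 comm="httpd" name="notes.txt" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

# Permission set, then source/target contexts and object class of one denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """user:role:type:level -> type (the level part may itself contain colons)."""
    return context.split(":")[2]


def ping_denials(log_text, targets=("ping_exec_t", "ping_t")):
    """Count denials against the ping types, keyed by (source, target, class, perm)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial
        src, tgt = context_type(m["scon"]), context_type(m["tcon"])
        if tgt not in targets:
            continue  # unrelated denial, e.g. the user_home_t read above
        for perm in m["perms"].split():
            hits[(src, tgt, m["tclass"], perm)] += 1
    return hits


def source_domains(log_text):
    """Domains that were denied access to ping; the policy rule must name these."""
    return sorted({key[0] for key in ping_denials(log_text)})


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in sorted(ping_denials(SAMPLE_LOG).items()):
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perm} }}")
    print("source domains:", source_domains(SAMPLE_LOG))
```

If httpd_t shows up as a source domain, a module that only names httpd_sys_script_t will not cover that code path.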
