SELinux blocks my library catalog
Stuart Sears
stuart at sjsears.com
Sat Apr 15 13:54:47 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joel Gomberg wrote:
> Joel Gomberg wrote:
>> My library uses port 8080 for accessing its catalog:
>>
>> http://oaklandlibrary.org:8080/ipac20/ipac.jsp?profile=#focus
>>
>> SELinux denies access. With setenforce=0, access is permitted, so I'm
>> sure it's a SELinux issue. After perusing the SELinux FAQ, I issued
>> this command:
>>
>> semanage port -a -p tcp -t http_port_t 8080.
>>
>> The response was that port 8080 was already defined.
>>
>> Suggestions are welcome.
>
> I forgot to include the relevant audit log entry:
>
> type=AVC msg=audit(1145058006.474:1026): avc: denied { name_connect }
> for pid=13185 comm="privoxy" dest=8080
> scontext=system_u:system_r:privoxy_t:s0
>
> --
> Joel
>
try:
semanage port -l | grep 8080
you should see something like:
http_cache_port_t tcp 3128, 8080, 8118
if you want to allow privoxy_t access to this port as well, you could
attempt this:
semanage port -m -p tcp -t privoxy_t 8080
notice the -m instead of the -a (you're modifying an already defined
port, rather than adding a new one)
see if that helps
regards
Stuart
- --
Stuart Sears RHCA RHCX
To err is human, to forgive is Not Company Policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEQPsnamPtx1brPQ4RAjB2AJ9j5i5EPpZPZxySTM6CDzaaHrFpwQCfQ1Q1
lOI4WHw3bMxQ0NU+6FyM/yU=
=nMt+
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list