privoxy.te

Tom London selinux at gmail.com
Mon Nov 8 16:43:26 UTC 2004


Running strict/enforcing off of latest rawhide
(selinux-policy-strict-1.18.2-2):

privoxy generates:

Nov  7 13:44:10 fedora kernel: audit(1099863850.432:0): avc:  denied 
{ connect } for  pid=14703 exe=/usr/sbin/privoxy
scontext=system_u:system_r:privoxy_t
tcontext=system_u:system_r:privoxy_t tclass=udp_socket
Nov  7 13:44:10 fedora kernel: audit(1099863850.469:0): avc:  denied 
{ connect } for  pid=14703 exe=/usr/sbin/privoxy
scontext=system_u:system_r:privoxy_t
tcontext=system_u:system_r:privoxy_t tclass=tcp_socket

This patch seems to fix it:
--- SAVE/privoxy.te     2004-11-07 18:00:09.433732712 -0800
+++ ./privoxy.te        2004-11-07 18:00:40.419276794 -0800
@@ -18,6 +18,7 @@
 # Use the network.
 can_network(privoxy_t)
 allow privoxy_t port_t:{ tcp_socket udp_socket } name_bind;
+allow privoxy_t self:{ tcp_socket udp_socket } connect;
 allow privoxy_t etc_t:file { getattr read };
 allow privoxy_t self:capability { setgid setuid };
 allow privoxy_t self:unix_stream_socket create_socket_perms ;
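Review bot: the added `allow privoxy_t self:{ tcp_socket udp_socket } connect;` line sits directly under `can_network(privoxy_t)`, the macro that the "Use the network" comment says grants this domain its network access, so it is worth checking whether connect on the domain's own sockets is simply missing from can_network in this policy version. If it is, fixing the macro would cover every domain that calls it rather than privoxy.te alone. If the rule stays here, its scope is right (self only, and exactly the two classes and the single permission seen in the AVC denials), but a one-line comment above it saying that it allows outbound connections would match the commented rules around it.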


tom
-- 
Tom London



