FC4 httpd_can_network_connect boolean
Joe Orton
jorton at redhat.com
Mon Aug 1 08:33:23 UTC 2005
Very useful that this has been introduced - but I had presumed that it
applies only to non-local addresses.

The httpd parent process needs to be able to make connections to the
local address/ports to which the children are bound. After a period of
load, when there are idle children stuck in accept(), the parent will
make a few connect()s to wake them up.

Can this policy be limited to non-local addresses?

(the "child garbage collection" process is effectively broken-by-default
at the moment)

joe
More information about the fedora-selinux-list
mailing list
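
The following is an added example, not part of the original post: a triage script that separates httpd `name_connect` denials aimed at the server's own `Listen` ports (the parent's wake-up connects described above) from denials for other destination ports. The log lines and config fragment are constructed, the AVC field layout is an assumption, and `listen_ports` and `triage` are hypothetical helper names.

```python
import re

# Constructed sample audit lines; the AVC field layout is an assumption.
SAMPLE_LOG = """\
audit(1122885203.101:0): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=80 scontext=root:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
audit(1122885209.442:0): avc:  denied  { name_connect } for  pid=2317 comm="httpd" dest=3306 scontext=root:system_r:httpd_t tcontext=system_u:object_r:mysqld_port_t tclass=tcp_socket
audit(1122885211.007:0): avc:  denied  { name_bind } for  pid=2400 comm="named" src=953 scontext=root:system_r:named_t tcontext=system_u:object_r:rndc_port_t tclass=tcp_socket
"""

# Constructed httpd.conf fragment.
SAMPLE_CONF = """\
Listen 80
Listen 127.0.0.1:8443
"""


def listen_ports(conf_text):
    """Collect the ports named in Listen directives (with or without an address)."""
    ports = set()
    for line in conf_text.splitlines():
        m = re.match(r"\s*Listen\s+(?:\S+:)?(\d+)\b", line)
        if m:
            ports.add(int(m.group(1)))
    return ports


def triage(log_text, conf_text):
    """Return (pid, dest_port, kind) for each httpd_t name_connect denial.

    kind is "own-listener" when the destination port is one httpd listens on.
    The record carries a port, not an address, so a match only suggests a
    wake-up connect: a remote connection to the same port looks identical.
    """
    local = listen_ports(conf_text)
    results = []
    for line in log_text.splitlines():
        m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
        if not m or "name_connect" not in m.group(1).split():
            continue
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        ctx = fields.get("scontext", "").split(":")
        if len(ctx) < 3 or ctx[2] != "httpd_t" or "dest" not in fields:
            continue
        port = int(fields["dest"])
        kind = "own-listener" if port in local else "outbound"
        results.append((int(fields["pid"]), port, kind))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, SAMPLE_CONF):
        print(row)
```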