[Bug 164992] New: Mod_proxy does not work with SElinux default policy

Daniel J Walsh dwalsh at redhat.com
Tue Aug 16 17:29:55 UTC 2005

Joe Orton wrote:

>On Mon, Aug 15, 2005 at 11:59:52AM -0400, Daniel J Walsh wrote:
>>allow httpd_t { http_port_t http_cache_port_t }:tcp_socket name_bind;
>># allow httpd to connect to mysql/posgresql
>>allow httpd_t { postgresql_port_t mysqld_port_t }:tcp_socket name_connect;
>># allow httpd to work as a relay
>>allow httpd_t { gopher_port_t ftp_port_t http_port_t http_cache_port_t 
>>}:tcp_socket name_connect;
>So this would allow connections to ports 80, 8080, etc etc?
>Yes, that looks sufficient, but it does seem to defeat the point of 
>having the boolean in the first place :)
Yes and know,  Since the main goal is to stop spamming we have prevented 
this.  I could add another boolean on by default that allowed 
httpd_relay or something.

>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com


More information about the fedora-selinux-list mailing list