Bug 161124 - FC4 httpd_t named_connect dontaudited
Summary: FC4 httpd_t named_connect dontaudited
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
Reported: 2005-06-20 17:51 UTC by Colin Walters
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 1.25.1-7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-08-19 08:25:28 UTC

Description Colin Walters 2005-06-20 17:51:38 UTC
Description of problem:

It took me quite a while to figure out a policy denial was breaking our web
application; looks like httpd_t httpd_cache_port_t:tcp_socket { name_connect }
is dontaudited.

That seems like a bad idea to me; why is this dontaudited?

Comment 1 Daniel Walsh 2005-06-20 17:55:46 UTC
Why would httpd need to connect to httpd_cache_port_t?


Comment 2 Colin Walters 2005-06-20 18:39:03 UTC
Port 8080 (labeled with httpd_cache_port_t) is a port very commonly used by
Tomcat installations; mod_jk connects Apache to Tomcat.

Comment 3 Daniel Walsh 2005-07-11 18:34:02 UTC
Fixed in selinux-policy-targeted-1.25.1-7
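
What the dontaudit rule discussed in this bug does to a denial, as an added example that is not part of the original report or of the Fedora policy. The policy fragment is constructed for illustration, and the parser assumes plain `allow`/`dontaudit` rules with literal type names (no attributes, type sets or other rule kinds).

```python
import re

# Constructed policy fragment in TE rule syntax (not the actual FC4 policy source).
POLICY = """
allow httpd_t http_port_t:tcp_socket { name_bind name_connect };
dontaudit httpd_t httpd_cache_port_t:tcp_socket name_connect;
allow httpd_t httpd_log_t:file { append getattr };
"""

# kind, source type, target type, object class, one permission or a { set }
RULE = re.compile(r"^(allow|dontaudit)\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+?)\s*;$")

def parse(policy):
    """Return {kind: set of (source, target, class, perm)} for allow/dontaudit rules."""
    rules = {"allow": set(), "dontaudit": set()}
    for line in policy.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        kind, src, tgt, cls, perms = m.groups()
        for perm in perms.strip("{} ").split():
            rules[kind].add((src, tgt, cls, perm))
    return rules

def decide(rules, src, tgt, cls, perm):
    """Classify one access request as enforcing mode would treat it."""
    key = (src, tgt, cls, perm)
    if key in rules["allow"]:
        return "allowed"
    # No allow rule means the access is denied either way;
    # dontaudit only suppresses the AVC record for that denial.
    return "denied, not logged" if key in rules["dontaudit"] else "denied, logged"

def silent_denials(rules):
    """Accesses that fail without an audit trail: dontaudited and never allowed."""
    return sorted(rules["dontaudit"] - rules["allow"])

if __name__ == "__main__":
    r = parse(POLICY)
    print(decide(r, "httpd_t", "httpd_cache_port_t", "tcp_socket", "name_connect"))
    for access in silent_denials(r):
        print("silent denial:", *access)
```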
