search for: udp_socket

...e web server could send the data via a socket connection to the end user's browser, so I don't know why a CGI script would be blocked from writing to a socket with security context httpd_t. The only clue that might narrow it down is the line "Target Objects socket [ udp_socket ]". The sockets that the cgi scripts usually send output to are of course tcp sockets, so why would it say udp? The only time one of my cgi scripts might use udp would be if it were doing a hostname lookup via dns, but the index.cgi script doesn't do that at any point. What would th...

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

...nel_t; type var_t; type postfix_smtpd_t; type initrc_t; type proc_t; class unix_stream_socket connectto; class file { read getattr }; class sock_file write; class lnk_file { read create unlink getattr }; class udp_socket name_bind; class dir { read search }; } #============= amavis_t ============== allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr }; allow amavis_t traceroute_port_t:udp_socket name_bind; #============= clamd_t ============== allow clamd_t proc_t:file { read getattr }...

...X11Forwarding yes X11UseLocalhost no Match Group !wheel,sftp ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no There are SELinux issues: /var/log/messages Jul 9 09:22:43 inet02 setroubleshoot: SELinux is preventing /usr/sbin/sshd from create access on the udp_socket . For complete SELinux messages. run sealert -l 91eae747-73dc-43d8-8af9-0601e726f233 Jul 9 09:22:43 inet02 setroubleshoot: SELinux is preventing /usr/sbin/sshd from create access on the tcp_socket . For complete SELinux messages. run sealert -l c5d4049e-cffb-4cfb-a243-135c7b297e8b Jul 9 09:22:4...

...rlimitinh }; class unix_stream_socket { getattr accept read write }; class capability { sys_resource sys_ptrace }; class file { entrypoint open create relabelfrom relabelto getattr setattr read write append ioctl lock rename link unlink }; class lnk_file { getattr read }; class udp_socket name_bind; class dir { getattr setattr add_name remove_name search open read write ioctl lock }; } #============= httpd_t ============== allow httpd_t port_t:udp_socket name_bind; allow httpd_t proc_net_t:file { read getattr open }; allow httpd_t bin_t:file entrypoint; allow httpd_t passeng...

At the risk of angering the crash Gods, my sustem has NOT crashed again since I downgraded the kernel from 2.6.18-1.2239.fc5 to 2.6.18-1.2200.fc5. Given that newfound stability, and my lack of time, I'm going to put on hold any further diagnostics, until the next kernel revision is released. I have submitted a report at bugzilla.redhat.com (bug 218128). (Ah, nuts; accidentally created a