Ian Pilcher wrote:
Running fully updated Fedora 8, trying to start stunnel from xinetd, and getting a couple of denials:
type=AVC msg=audit(1205149512.996:2338): avc: denied { write } for pid=14322 comm="stunnel" name="random_seed" dev=md1 ino=819429 scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:stunnel_etc_t:s0 tclass=file
type=AVC msg=audit(1205149512.998:2339): avc: denied { name_bind } for pid=14322 comm="stunnel" src=2873 scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Aren't these things that stunnel should be expected to do?
selinux-policy-3.0.8-95.fc8.src.rpm
Adds stunnel_system_domain to inetd_system_domain, which will allow stunnel to transition to every domain that is defined as an inetd_system_domain.
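
For triage of denials like the two quoted above, the following added example (not part of either message and not code from the selinux-policy project) parses AVC records and groups them by source type, target type and object class. The function names are hypothetical; the sample input is the two audit lines from this thread.

```python
import re
from collections import defaultdict

# The two denials quoted in the thread above, embedded so the script runs offline.
SAMPLE = """\
type=AVC msg=audit(1205149512.996:2338): avc: denied { write } for pid=14322 comm="stunnel" name="random_seed" dev=md1 ino=819429 scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:stunnel_etc_t:s0 tclass=file
type=AVC msg=audit(1205149512.998:2339): avc: denied { name_bind } for pid=14322 comm="stunnel" src=2873 scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of a user:role:type[:range] context, or None."""
    parts = context.split(":")  # the MLS range may itself contain ':'
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for anything else."""
    match = AVC_RE.search(line)
    if not match:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = match.group(1).split()
    rec["source_type"] = context_type(rec["scontext"])
    rec["target_type"] = context_type(rec["tcontext"])
    if rec["source_type"] is None or rec["target_type"] is None:
        return None
    return rec


def summarize(text):
    """Map (source type, target type, class) to the sorted denied permissions."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            groups[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt} [{cls}]: {' '.join(perms)}")
```

The grouped output shows what was denied, not what policy should allow: a write to a file labeled `stunnel_etc_t` or a bind to a generic `port_t` port can also point to a labeling or port-definition issue.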