-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jason L Tibbitts III wrote:
So I have this AVC:
avc: denied { name_connect } for pid=9045 comm="httpd" dest=9680 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
which comes from a PHP script trying to open a socket. This is no big deal. I believe that setting httpd_can_network_connect should fix it. However, I was wondering if it's possible to restrict the destination port to 9680, or restrict the destination host at all?
- J<
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Hope you don't mind but I answered in my blog.
http://danwalsh.livejournal.com/12928.html