View Issue Details

IDProjectCategoryView StatusLast Update
0014404CentOS-7selinux-policypublic2018-01-23 01:55
Reporterdmckinstry9422 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0014404: SELinux is preventing /usr/sbin/httpd from 'name_connect' accesses on the tcp_socket port 10051.
DescriptionDescription of problem:
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp
SELinux is preventing /usr/sbin/httpd from 'name_connect' accesses on the tcp_socket port 10051.

***** Plugin catchall_boolean (47.5 confidence) suggests ******************

If you want to allow httpd to can network connect
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_can_network_connect 1

***** Plugin catchall_boolean (47.5 confidence) suggests ******************

If you want to allow httpd to can connect zabbix
Then you must tell SELinux about this by enabling the 'httpd_can_connect_zabbix' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_can_connect_zabbix 1

***** Plugin catchall (6.38 confidence) suggests **************************

If you believe that httpd should be allowed name_connect access on the port 10051 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:zabbix_port_t:s0
Target Objects port 10051 [ tcp_socket ]
Source httpd
Source Path /usr/sbin/httpd
Port 10051
Host (removed)
Source RPM Packages httpd-2.4.6-67.el7.centos.6.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.11.6.el7.x86_64 #1 SMP
                              Thu Jan 4 01:06:37 UTC 2018 x86_64 x86_64
Alert Count 93
First Seen 2018-01-22 16:57:22 MST
Last Seen 2018-01-22 18:41:36 MST
Local ID 02d1f4f9-4d24-495e-98f9-1a044b7167fd

Raw Audit Messages
type=AVC msg=audit(1516671696.127:3643): avc: denied { name_connect } for pid=1738 comm="httpd" dest=10051 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:zabbix_port_t:s0 tclass=tcp_socket


type=SYSCALL msg=audit(1516671696.127:3643): arch=x86_64 syscall=connect success=no exit=EACCES a0=b a1=55b82da0c390 a2=10 a3=5a6692d0 items=0 ppid=1126 pid=1738 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,zabbix_port_t,tcp_socket,name_connect

Version-Release number of selected component:
selinux-policy-3.13.1-166.el7_4.7.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-693.11.6.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashe068dd88044f14ff3e771371c5216ebd05b0a2f4b7e1712e345e49f95e688c82
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-01-23 01:55 dmckinstry9422 New Issue