View Issue Details

IDProjectCategoryView StatusLast Update
0005166CentOS-6selinux-policypublic2011-10-05 10:18
Reportermathias.sch 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformIntel Celeron CPU 440OSCentOSOS Version6.0
Product Version6.0 
Target VersionFixed in Version 
Summary0005166: SELinux policy problem -> Creates httpd_t problem
DescriptionAfter installing ReviewBoard and having some Problems using pysvn I found out that a SELinux caused de problem:

$> audit2allow < /var/log/audit/audit.log

#============= httpd_t ==============
allow httpd_t memcache_port_t:tcp_socket name_connect;
allow httpd_t port_t:tcp_socket name_connect;
allow httpd_t smtp_port_t:tcp_socket name_connect;

So I ran:

$> audit2allow -a -M reviewboard
$> semodule -i reviewboard.pp

After that everything went well
Steps To ReproduceAfter a succesfull install of ReviewBoard (http://www.reviewboard.org/docs/manual/1.6/admin/installation/linux/), log in as admin and add a new repository, this causes an error:
SVN: Failed to get repository information for svn://svnServer/.../trunk: Can't connect to host 'svnServer.local': Permission denied
TagsNo tags attached.

Activities

athmane

athmane

2011-10-05 10:18

developer   ~0013464

The default selinux policy does not allow httpd to connect to a network (svnServer.local / svn port).

httpd_can_network_connect --> off

Since you created a custom policy it better to fill a bug in upstream bugzilla [1] (though it seems to be a normal behavior)

[1] https://bugzilla.redhat.com/

Issue History

Date Modified Username Field Change
2011-10-05 07:15 mathias.sch New Issue
2011-10-05 10:18 athmane Note Added: 0013464