[gentoo-hardened] SELinux: apache2 name_connect to self puzzle
From: Andy Dustman @ 2006-05-03 15:51 UTC
To: gentoo-hardened
I am seeing this avc message come up on an SELinux system:
audit(1146666553.428:9106): avc: denied { name_connect } for
pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:http_port_t tclass=tcp_socket
Usually there is a quick burst of these (1/s) over a couple minutes,
at irregular intervals. The corresponding apache2 error_log entries
look like this:
[warn] (13)Permission denied: connect to listener on 0.0.0.0:443
There are *not* any corresponding access_log messages, so it does not
seem to be triggered by an external event. The server in question does
run https. It also runs a shopping cart application as CGI, which runs
in its own domain (not httpd_t) so I don't think the application can
be doing this. It seems to correspond to a switch to 2.6.16 kernel
(gentoo-sources, and policy version 20) and apache-2.0.55.
Any ideas why apache would do this on its own?
--
The Pythonic Principle: Python works the way it does
because if it didn't, it wouldn't be Python.
--
gentoo-hardened@gentoo.org mailing list
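To see what is actually behind a run of denials like the one above, it helps to parse the AVC lines and look at them by (source domain, target type, class, permission) and by timing, since the post's key observation is the burst pattern (about one per second for a couple of minutes, at irregular intervals) rather than any single event. The following is an added example, not code from the original post or from the SELinux tools; it implements a small parser for the kernel's `audit(...): avc: denied { ... } for ...` format, groups the records the way `audit2allow` would (the `rule` field is only the statement `audit2allow` would propose, shown so you can see exactly which access is being asked for, not a recommendation to add it), and reports bursts of closely spaced events. The sample input is constructed: the first line is the denial quoted in the post, joined onto one line as the kernel emits it, and the others are made up to show a burst, a lone event, and an unrelated denial.

```python
import re
from collections import defaultdict

# Kernel AVC denial format, e.g.
# audit(1146666553.428:9106): avc: denied { name_connect } for pid=... comm="apache2" ...
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s*avc:\s*denied\s*"
    r"\{\s*(?P<perms>[^}]+?)\s*\}\s*for\s+(?P<fields>.*)$"
)
# key=value pairs; values may be quoted (comm="apache2") or bare (dest=443)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample. Line 1 is the denial from the post; the rest are invented.
SAMPLE_AUDIT = """\
audit(1146666553.428:9106): avc: denied { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
audit(1146666554.431:9107): avc: denied { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
audit(1146666555.440:9108): avc: denied { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
audit(1146666900.100:9200): avc: denied { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
audit(1146666901.000:9201): avc: denied { write } for pid=24205 comm="apache2" name="error_log" dev=hda3 ino=1234 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_log_t tclass=file
"""


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {
        "ts": float(m.group("ts") + "." + m.group("ms")),  # seconds since epoch
        "serial": int(m.group("serial")),
        "perms": m.group("perms").split(),
    }
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def denial_key(rec):
    """Group by source type, target type, object class and permission set.

    Contexts look like user:role:type[:level]; index 2 is always the type.
    """
    sdom = rec["scontext"].split(":")[2]
    ttype = rec["tcontext"].split(":")[2]
    return (sdom, ttype, rec["tclass"], tuple(rec["perms"]))


def find_bursts(timestamps, max_gap=2.0, min_events=3):
    """Return (start, end, count) for runs of events no more than max_gap apart."""
    bursts, start, prev, count = [], None, None, 0
    for t in sorted(timestamps):
        if prev is not None and t - prev <= max_gap:
            count += 1
        else:
            if count >= min_events:
                bursts.append((start, prev, count))
            start, count = t, 1
        prev = t
    if count >= min_events:
        bursts.append((start, prev, count))
    return bursts


def summarize(lines, max_gap=2.0, min_events=3):
    """One summary entry per distinct denial, with counts, peers and bursts."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            groups[denial_key(rec)].append(rec)
    report = []
    for (sdom, ttype, tclass, perms), recs in groups.items():
        perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        report.append({
            # the statement audit2allow would generate for this group
            "rule": f"allow {sdom} {ttype}:{tclass} {perm_str};",
            "count": len(recs),
            "comms": sorted({r.get("comm", "?") for r in recs}),
            "dests": sorted({r.get("dest", "?") for r in recs}),
            "bursts": find_bursts([r["ts"] for r in recs], max_gap, min_events),
        })
    return report


if __name__ == "__main__":
    for entry in summarize(SAMPLE_AUDIT.splitlines()):
        print(f"{entry['count']:4d}  {entry['rule']}  comm={entry['comms']} dest={entry['dests']}")
        for start, end, n in entry["bursts"]:
            print(f"      burst of {n} events over {end - start:.1f}s starting at {start:.3f}")
```

Run against the constructed sample, the name_connect group shows four events, three of which form a burst about one second apart, which is the shape the post describes; comparing burst start times against Apache restarts, log rotation or cron jobs on the box is the natural next step, since the absence of access_log entries already rules out client requests as the trigger.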