| 1 |
I am seeing this avc message come up on an SELinux system: |
| 2 |
|
| 3 |
audit(1146666553.428:9106): avc: denied { name_connect } for |
| 4 |
pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t |
| 5 |
tcontext=system_u:object_r:http_port_t tclass=tcp_socket |
| 6 |
|
| 7 |
Usually there is a quick burst of these (1/s) over a couple minutes, |
| 8 |
at irregular intervals. The corresponding apache2 error_log entries |
| 9 |
look like this: |
| 10 |
|
| 11 |
[warn] (13)Permission denied: connect to listener on 0.0.0.0:443 |
| 12 |
|
| 13 |
There are *not* any corresponding access_log messages, so it does not |
| 14 |
seem to be triggered by an external event. The server in question does |
| 15 |
run https. It also runs a shopping cart application as CGI, which runs |
| 16 |
in it's own domain (not httpd_t) so I don't think the application can |
| 17 |
be doing this. It seems to correspond to a switch to 2.6.16 kernel |
| 18 |
(gentoo-sources, and policy version 20) and apache-2.0.55. |
| 19 |
|
| 20 |
Any ideas why apache would do this on it's own? |
| 21 |
|
| 22 |
-- |
| 23 |
The Pythonic Principle: Python works the way it does |
| 24 |
because if it didn't, it wouldn't be Python. |
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-hardened@g.o mailing list |
Archives