I am seeing this avc message come up on an SELinux system:

audit(1146666553.428:9106): avc: denied { name_connect } for
pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:http_port_t tclass=tcp_socket

Usually there is a quick burst of these (1/s) over a couple minutes,
at irregular intervals. The corresponding apache2 error_log entries
look like this:

[warn] (13)Permission denied: connect to listener on 0.0.0.0:443

There are *not* any corresponding access_log messages, so it does not
seem to be triggered by an external event. The server in question does
run https. It also runs a shopping cart application as CGI, which runs
in its own domain (not httpd_t) so I don't think the application can
be doing this. It seems to correspond to a switch to 2.6.16 kernel
(gentoo-sources, and policy version 20) and apache-2.0.55.

Any ideas why apache would do this on its own?

--
The Pythonic Principle: Python works the way it does
because if it didn't, it wouldn't be Python.

--
gentoo-hardened@g.o mailing list
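The avc record quoted above is the raw material that audit2allow turns into a type-enforcement rule: the source type comes from scontext, the target type from tcontext, and the object class and permission from tclass and the braces. The following is an added example, not code from the post or from the gentoo-hardened list: a small Python parser that pulls those fields out of audit lines and renders the allow rule each denial would need. The sample log is constructed for the example; its first line is the denial from the post, the remaining lines are hypothetical records (a name_bind denial, a granted record, and an unrelated line) added so the parser is exercised beyond the single case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log (added example, not from the original post). Line 1 is
# the denial quoted in the post; the other lines are hypothetical, included so
# that a second permission, a "granted" record and a non-AVC line are handled.
SAMPLE_AUDIT_LOG = """\
audit(1146666553.428:9106): avc: denied { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
audit(1146666560.101:9107): avc: denied { name_bind } for pid=24205 comm="apache2" src=8443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
audit(1146666561.000:9108): avc: granted { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
some unrelated kernel line that must be ignored
"""

# Shape of an AVC record: avc: denied { perm1 perm2 } for key=value key="quoted" ...
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')


@dataclass
class AvcEvent:
    result: str               # "denied" or "granted"
    perms: List[str]          # permissions listed inside the braces
    fields: Dict[str, str]    # pid, comm, dest, scontext, tcontext, tclass, ...

    def source_type(self) -> str:
        return context_type(self.fields["scontext"])

    def target_type(self) -> str:
        return context_type(self.fields["tcontext"])


def context_type(ctx: str) -> str:
    """Return the type field of a user:role:type[:level] security context."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError(f"not a security context: {ctx!r}")
    return parts[2]


def parse_avc_line(line: str) -> Optional[AvcEvent]:
    """Parse one audit line; return None for lines that carry no AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields: Dict[str, str] = {}
    for fm in FIELD_RE.finditer(m.group("fields")):
        quoted = fm.group("quoted")
        fields[fm.group("key")] = quoted if quoted is not None else fm.group("bare")
    return AvcEvent(m.group("result"), m.group("perms").split(), fields)


def allow_rule(ev: AvcEvent) -> str:
    """Render the TE allow rule that would permit this access, audit2allow-style."""
    perms = ev.perms[0] if len(ev.perms) == 1 else "{ " + " ".join(ev.perms) + " }"
    return f"allow {ev.source_type()} {ev.target_type()}:{ev.fields['tclass']} {perms};"


def denied_rules(audit_log: str) -> List[str]:
    """Distinct allow rules, in first-seen order, for every *denied* record in the log."""
    seen: Dict[str, None] = {}
    for line in audit_log.splitlines():
        ev = parse_avc_line(line)
        if ev is not None and ev.result == "denied":
            seen.setdefault(allow_rule(ev), None)
    return list(seen)


if __name__ == "__main__":
    for rule in denied_rules(SAMPLE_AUDIT_LOG):
        print(rule)
```

For the denial in the post this yields `allow httpd_t http_port_t:tcp_socket name_connect;`, the same rule `audit2allow` would print. Before loading such a rule as a local module, check whether the installed policy already exposes the access through a boolean: reference policy gates httpd_t's outbound TCP connects behind `httpd_can_network_connect` (verify with `getsebool -a | grep httpd`, since the boolean set depends on the policy version in use), and flipping a boolean is a smaller change than a hand-written allow rule.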