Re: [Bug 164992] New: Mod_proxy does not work with: msg#00021

Joe Orton wrote:

I wonder whether this boolean should really just be "on" by default.

----- Forwarded message from bugzilla@xxxxxxxxxx -----

From: bugzilla@xxxxxxxxxx
To: jorton@xxxxxxxxxx
Date: Wed, 3 Aug 2005 08:02:27 -0400
Subject: [Bug 164992]  New: Mod_proxy does not work with SElinux default policy

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164992

          Summary: Mod_proxy does not work with SElinux default policy
          Product: Fedora Core
          Version: fc4
         Platform: i386
       OS/Version: Linux
           Status: NEW
         Severity: low
         Priority: normal
        Component: httpd
       AssignedTo: jorton@xxxxxxxxxx
       ReportedBy: trash_alias@xxxxxxxx
  Estimated Hours: 0.0

From Bugzilla Helper:

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 
Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
Bad: mod_proxy fail if selinux is enabled

[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(67): proxy: HTTP: 
canonicalising URL //webmail.XXX.be/exchange/
[Wed Aug 03 13:52:12 2005] [debug] mod_proxy.c(419): Trying to run 
scheme_handler
[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(1062): proxy: HTTP: serving URL 
https://webmail.XXX.be/exchange/
[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(186): proxy: HTTP connecting 
https://webmail.XXX.be/exchange/ to webmail.XXX.be:443
[Wed Aug 03 13:52:12 2005] [debug] proxy_util.c(1139): proxy: HTTP: fam 2 
socket created to
connect to webmail.XXX.be
Bad: [Wed Aug 03 13:52:12 2005] [error] (13)Permission denied: proxy: HTTP: 
attempt to connect to 123.123.123.123:443 (webmail.XXX.be) failed


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-9 httpd-2.0.54-10.1

How reproducible:
Always

Steps to Reproduce:
1.setenforce 1
2.access your http server configured ro reverse proxying
3.fail with message: BAD gateway
4. setenforce 0
5. it work.

Expected Results:  I would expect the default policy to allow proxying and 
Message is not explicit and I had to search a long time to understand....

Additional info:

We could allow apache to connect to apache ports by default, if thatwould satisfy this.

--

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: BackupPC and Selinux, Daniel J Walsh
Next by Date:	Re: MLS levels and the initial SID for kernel_t, Paul Moore
Previous by Thread:	[Bug 164992] New: Mod_proxy does not work with SElinux default policy, Joe Orton
Next by Thread:	Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy, Joe Orton
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: BackupPC and Selinux, Daniel J Walsh

Next by Date:

Re: MLS levels and the initial SID for kernel_t, Paul Moore

Previous by Thread:

[Bug 164992] New: Mod_proxy does not work with SElinux default policy, Joe Orton

Next by Thread:

Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy, Joe Orton

Indexes:

[Date] [Thread] [Top] [All Lists]

Free Magazines

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy: msg#00021

Free Magazines