Bug 403143 - net-proxy/squid default http_port 3128 not in selinux http_cache_port_t tcp
Summary: net-proxy/squid default http_port 3128 not in selinux http_cache_port_t tcp
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
Reported: 2012-02-11 10:39 UTC by Florian Steinel
Modified: 2012-04-29 15:16 UTC
Description Florian Steinel 2012-02-11 10:39:49 UTC
Squid cannot bind to default port. name_bind denied

Reproducible: Always

Steps to Reproduce:
1. rc-service squid start
2. ps ax|grep squid
Actual Results:  
/var/log/squid/cache.log: FATAL: Cannot open HTTP Port
grep name_bind /var/log/avc.log: type=1400 audit(1328955983.139:1278): avc:  denied  { name_bind } for  pid=2811 comm="squid" src=3128 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket

Expected Results:  
squid is running and listening on tcp port 3128

fix: semanage port -a -t http_cache_port_t -p tcp 3128
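
An added example, not part of the original report: a small Python parser for AVC records like the one quoted above, which reports `name_bind` denials whose target port still carries the generic `port_t` type (the condition this bug describes). The function names and the second log line are constructed for illustration.

```python
import re

# Constructed sample: the denial quoted in the report plus one made-up, unrelated denial.
SAMPLE_LOG = '''\
type=1400 audit(1328955983.139:1278): avc:  denied  { name_bind } for  pid=2811 comm="squid" src=3128 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=1400 audit(1328955990.000:1300): avc:  denied  { read } for  pid=2900 comm="cat" name="shadow" scontext=system_u:system_r:example_t tcontext=system_u:object_r:shadow_t tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')

def parse_avc(line):
    """Return the denial's permissions and key=value fields as a dict, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")):
        rec[key] = value.strip('"')
    return rec

def _type_of(context):
    # An SELinux context is user:role:type[:range]; the type is the third field.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def unlabeled_port_binds(log_text):
    """List name_bind denials where the target port only has the generic port_t type."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "name_bind" not in rec["perms"] or "src" not in rec:
            continue
        if _type_of(rec.get("tcontext", "")) == "port_t":
            findings.append({
                "comm": rec.get("comm", ""),
                "domain": _type_of(rec.get("scontext", "")),
                "proto": rec.get("tclass", "").split("_")[0],  # tcp_socket -> tcp
                "port": int(rec["src"]),
            })
    return findings

if __name__ == "__main__":
    for f in unlabeled_port_binds(SAMPLE_LOG):
        print(f"{f['comm']} ({f['domain']}) denied bind to {f['proto']}/{f['port']}: "
              "port has no specific SELinux type")
```

A finding here means the port needs a type the daemon's domain may bind to, which is what the `semanage port` command in the report assigns.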
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-02-27 22:01:52 UTC
in hardened-dev overlay
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-03-31 12:43:57 UTC
In main tree, ~arch'ed
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-04-29 15:16:03 UTC
Stable