| Summary: | net-proxy/squid default http_port 3128 not in selinux http_cache_port_t tcp | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Florian Steinel <Florian.Steinel> |
| Component: | Hardened | Assignee: | Sven Vermeulen (RETIRED) <swift> |
| Status: | VERIFIED FIXED | ||
| Severity: | normal | CC: | selinux |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
in hardened-dev overlay In main tree, ~arch'ed Stable |
Squid can not bind to default port. name_bind denied Reproducible: Always Steps to Reproduce: 1. rc-service squid start 2. ps ax|grep squid Actual Results: /var/log/squid/cache.log: FATAL: Cannot open HTTP Port grep name_bind /var/log/avc.log: type=1400 audit(1328955983.139:1278): avc: denied { name_bind } for pid=2811 comm="squid" src=3128 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket Expected Results: squid is running and listening on tcp port 3128 fix: semanage port -a -t http_cache_port_t -p tcp 3128