Summary: | sec-policy/selinux-nginx & sec-policy/selinux-phpfpm (2.20120725-r6) missing phpfpm_stream_connect(nginx_t) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Vincent Brillault <gentoo> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r7 | ||
Package list: | Runtime testing required: | --- |
Description
Vincent Brillault
2012-11-03 20:33:22 UTC
Is this sufficient (i.e. have you tested adding this)? Yes, it is, at least on my server. I resolved the denies and the corresponding nginx error ('502 Bad Gateway' in the client and '[crit] 2017#0: *1230 connect() to unix:/var/run/php5-fpm/php-fpm.sock failed (13: Permission denied) while connecting to upstream' in the nginx logs) by adding this rule, 'phpfpm_stream_connect(nginx_t)', to my policies. Great, thanks. Added in our repo, will also be part of r7 r7 is now in hardened-dev In main tree, ~arch'ed r8 is now stable |