selinux permissive and type targeted

Posted by krisdigitx on Server Fault See other posts from Server Fault or by krisdigitx
Published on 2012-12-02T14:41:14Z Indexed on 2012/12/02 17:06 UTC
Read the original article Hit count: 350

Filed under:
|
|

i am running centos 6.2

recently i noticed that apache was running with selinux enabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=Permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

i noticed that these errors were coming on dmesg

type=1400 audit(1354453732.704:9056368): avc:  denied  { name_connect } for  pid=39006 comm="httpd" dest=11211 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket
type=1400 audit(1354453735.777:9056369): avc:  denied  { name_connect } for  pid=39046 comm="httpd" dest=6379 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

i then enabled

 /usr/sbin/setsebool httpd_can_network_connect=1

and this stopped the errors and also the webpages started to work.

My question is if selinux is in permissive mode will selinuxtype=targeted enforce any polices?

if not how did it solve the problem with apache as selinux was already in permissive mode?

© Server Fault or respective owner

Related posts about linux

Related posts about security