selinux permissive and type targeted
Posted
by
krisdigitx
on Server Fault
See other posts from Server Fault
or by krisdigitx
Published on 2012-12-02T14:41:14Z
Indexed on
2012/12/02
17:06 UTC
Read the original article
Hit count: 350
i am running centos 6.2
recently i noticed that apache was running with selinux enabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=Permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
i noticed that these errors were coming on dmesg
type=1400 audit(1354453732.704:9056368): avc: denied { name_connect } for pid=39006 comm="httpd" dest=11211 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket
type=1400 audit(1354453735.777:9056369): avc: denied { name_connect } for pid=39046 comm="httpd" dest=6379 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
i then enabled
/usr/sbin/setsebool httpd_can_network_connect=1
and this stopped the errors and also the webpages started to work.
My question is if selinux is in permissive mode will selinuxtype=targeted enforce any polices?
if not how did it solve the problem with apache as selinux was already in permissive mode?
© Server Fault or respective owner