
BLU Discuss list archive



Apache 2.0 Running a site on another port with a second ipaddress



On 4/20/07, Stephen B Goldman <sgoldman at mit.edu> wrote:
> Hello Tom,
>    This is a second address on the machine -
> The first is 192.168.1.35, which listens on 80
>
> The second Virtual Host is 192.168.1.110  which should listen on 1185-
>
>
> I tested 192.168.1.110 on 80 and it worked-
>
> the goal is to have it listen on 1185
>
> and this is where the problem is.
>


As Tom pointed out earlier,

    kernel: audit(1177078045.770:10): avc:  denied  { name_bind }
    for  pid=6497 comm="httpd" src=1185 scontext=root:system_r:httpd_t
    tcontext=system_u:object_r:port_t tclass=tcp_socket

shows that SELinux is blocking apache from using any port except 80
(and perhaps 443 for SSL).

Running audit2allow against that line shows the selinux rule

    allow httpd_t port_t:tcp_socket name_bind;

would allow apache to bind to any port. That may be more open than
you want to make it, though.

I haven't messed around with selinux much, I've basically just read
the O'Reilly book on SELinux. I believe you need to install the
selinux-sources package in order to customize the rules. There's
probably a decent FAQ or HOWTO document out there, though.

-- 
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj at gmail.com
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

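As an added example (not part of the original message or of any BLU material), this Python script parses the denial quoted above, rebuilds the broad rule that audit2allow reports, and produces a narrower alternative that labels only port 1185 for Apache. It assumes the loaded policy defines the `http_port_t` port type and that `semanage` from policycoreutils is installed; the function and table names are illustrative.

```python
import re

# The AVC denial quoted in the message, rejoined onto one line.
AVC_LINE = ('kernel: audit(1177078045.770:10): avc:  denied  { name_bind } '
            'for  pid=6497 comm="httpd" src=1185 scontext=root:system_r:httpd_t '
            'tcontext=system_u:object_r:port_t tclass=tcp_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
REQUIRED = ('scontext', 'tcontext', 'tclass')

# Assumption: port type the policy reserves for each daemon domain.
PORT_TYPE_FOR_DOMAIN = {'httpd_t': 'http_port_t'}
PROTO_FOR_CLASS = {'tcp_socket': 'tcp', 'udp_socket': 'udp'}


def parse_avc(line):
    """Return the denial as a dict, or None if the line is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('fields')):
        rec[key] = value.strip('"')
    if any(k not in rec for k in REQUIRED):
        return None
    # A context is user:role:type, optionally followed by an MLS range.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def broad_rule(rec):
    """Rule of the kind audit2allow reports: it covers every port labelled target_type."""
    perms = rec['perms'][0] if len(rec['perms']) == 1 else '{ %s }' % ' '.join(rec['perms'])
    return 'allow %s %s:%s %s;' % (rec['source_type'], rec['target_type'], rec['tclass'], perms)


def narrow_fix(rec):
    """Command that labels only the denied port, or None when no narrower fix is known."""
    port_type = PORT_TYPE_FOR_DOMAIN.get(rec['source_type'])
    proto = PROTO_FOR_CLASS.get(rec['tclass'])
    if 'name_bind' not in rec['perms'] or not (port_type and proto and rec.get('src', '').isdigit()):
        return None
    return 'semanage port -a -t %s -p %s %s' % (port_type, proto, rec['src'])


if __name__ == '__main__':
    denial = parse_avc(AVC_LINE)
    print('broad :', broad_rule(denial))
    print('narrow:', narrow_fix(denial))
```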
