I am seeing this avc message come up on an SELinux system:
audit(1146666553.428:9106): avc: denied { name_connect } for pid=24205 comm="apache2" dest=443 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket

Usually there is a quick burst of these (1/s) over a couple minutes, at irregular intervals. The corresponding apache2 error_log entries look like this:

[warn] (13)Permission denied: connect to listener on 0.0.0.0:443

There are *not* any corresponding access_log messages, so it does not seem to be triggered by an external event.

The server in question does run https. It also runs a shopping cart application as CGI, which runs in its own domain (not httpd_t), so I don't think the application can be doing this. It seems to correspond to a switch to 2.6.16 kernel (gentoo-sources, and policy version 20) and apache-2.0.55.

Any ideas why apache would do this on its own?

--
The Pythonic Principle: Python works the way it does because if it didn't, it wouldn't be Python.
