This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to selinux@vger.kernel.org
Other
1.33k
stars
359
forks
source link
Scope of boolean 'httpd_can_network_connect' & Django SELinux permissions #402
One of the options I have is to enable 'httpd_can_network_connect' but in Redhat documentation, the definition of this boolean is a bit vague. It says:
When disabled, this Boolean prevents HTTP scripts and modules from initiating a connection to a network or remote port. Enable this Boolean to allow this access.
Can someone explain what is the full scope.
Also (optional), what are the recommended solution .. while looking at my SELinux log. I'm only trying to install following its default values, default everything, using its documentation, which doesn't say anything about SELinux.
Hello, I'm trying to understand the full scope of what enabling 'httpd_can_network_connect' does.
For context, I'm on Fedora38, HTTPD, Python, MariaDB stack. Trying to troubleshoot SELinux related issues I'm getting while setting up Django.
here is the paste of my terminal output on
sudo sealert -a /var/log/audit/audit.log
https://paste.pythondiscord.com/yujolenazeand this is when I do `sudo ausearch -i -m AVC (-ts recent gave me no results) https://paste.pythondiscord.com/acoyohapat
One of the options I have is to enable 'httpd_can_network_connect' but in Redhat documentation, the definition of this boolean is a bit vague. It says:
When disabled, this Boolean prevents HTTP scripts and modules from initiating a connection to a network or remote port. Enable this Boolean to allow this access.
I am worried that it opens up httpd a bit too much. Specially looking at this answer over at ServerFault: https://serverfault.com/questions/1020429/how-much-does-httpd-can-network-connect-being-set-to-1-actually-open-up-on-selin
Can someone explain what is the full scope. Also (optional), what are the recommended solution .. while looking at my SELinux log. I'm only trying to install following its default values, default everything, using its documentation, which doesn't say anything about SELinux.