[CentOS] NetworkManager, multiple IPs, and selinux...
Sean
smalder73 at gmail.comThu Oct 4 20:10:40 UTC 2018
- Previous message: [CentOS] CentOS 7.5, Apache 2.4, Kerberos
- Next message: [CentOS] NetworkManager, multiple IPs, and selinux...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello, I was wondering if any one has seen issues with selinux name_bind denials that result from having IP:PORT bindings for services to specific IP addresses managed on an interface under NetworkManager's control? I do realize that people will probably say stop using NetworkManager, and I may, but the behavior is strange, and I'd like to have a better understanding of what's going on. The config is like so: # nmcli c mod eth0 ipv4.addresses 192.168.1.10/24,192.168.1.11/24 # nmcli c down eth0 # nmcli c up eth0 # getenforce Enforcing # systemctl start httpd <errors> permission denied binding to 192.168.1.10:443 Apache has two simple IP based VHosts, site1 and site2, with different (and correct dns records and ssl certs). I'm snipping the config because I know the Apache config works. Listen 443 <VirtualHost 192.168.1.10:443> ... <VirtualHost 192.168.1.11:443> ... I find the denial strange. I've done some testing such as removing one VHost's config and adding a NIC to the VM (eth1) and reconfigure to have 1 IP on each NIC and use both Vhosts. Either way, the selinux denial disappears and everything works. All the packaged selinux policy relating to httpd_t and access to port 443 is correct. I don't doubt that if I ditched NetworkManager and went for eth0:0 and eth0:1 for the IP interfaces, all would be well. I'd just like to see if anyone has some input on the issue. --Sean
- Previous message: [CentOS] CentOS 7.5, Apache 2.4, Kerberos
- Next message: [CentOS] NetworkManager, multiple IPs, and selinux...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list