Add httpd_graceful_shutdown boolean to allow httpd to connect to port 80

fedora-selinux · May 1, 2012 · 18934f1 · 18934f1
1 parent 281ad15
commit 18934f1
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
@@ -85,6 +85,13 @@ gen_tunable(httpd_can_network_connect, false)
 ## </desc>
 gen_tunable(httpd_can_network_connect_cobbler, false)
 
+## <desc>
+##	<p>
+##	Allow HTTPD to connect to http port
+##	</p>
+## </desc>
+gen_tunable(httpd_graceful_shutdown, false)
+
 ## <desc>
 ##	<p>
 ##	Allow HTTPD scripts and modules to connect to databases over the network.
@@ -538,7 +545,9 @@ corenet_tcp_bind_jboss_messaging_port(httpd_t)
 corenet_sendrecv_http_server_packets(httpd_t)
 corenet_tcp_bind_puppet_port(httpd_t)
 # Signal self for shutdown
-#corenet_tcp_connect_http_port(httpd_t)
+tunable_policy(`httpd_graceful_shutdown',`
+	corenet_tcp_connect_http_port(httpd_t)
+')
 
 dev_read_sysfs(httpd_t)
 dev_read_rand(httpd_t)