gsoapselinux

SOAP 1.2 fault: SOAP-ENV:Receiver [no subcode]


We have a web service written in java (using Axis 1.4). We access this in c++ code using gSOAP (2.8.101). We are using OpenSSL (1.1.1e). On RHEL 8 we are seeing the SOAP 1.2 fault. The error is as below: SOAP 1.2 fault: SOAP-ENV:Receiver [no subcode] "Permission denied" Detail: connect failed in tcp_connect()

The same code works good in RHEL7. Any suggestions on how to fix this?


Solution

  • It seems as if SELinux is blocking the connection. To temporarily allow the connection, you can use setenforce 0. This won't survive a server reboot, so if you'd like it to survive, you need to set SELinux to work in permissive mode in /etc/selinux/config.

    To continue working in enforcing mode, depending on the application, there might be a built-in SELinux policy to allow the connection you need with SELinux set to enforcing just by enabling an appropriate boolean. You can get the list of all SELinux booleans by executing:

    getsebool -a # List all available SELinux booleans on your system
    

    For example, to allow the HTTPD scripts and modules to connect to the network, enable the following SELinux boolean:

    sudo setsebool -P httpd_can_network_connect on
    

    If you don't want to allow HTTPD to connect to any port, you can use an appropriate boolean:

    sudo setsebool -P httpd_can_network_connect_db on
    

    This will allow HTTPD to connect to the database over the network. If there's no appropriate boolean for you to enable, you'll have to build your own policy. You can do that using the audit2allow -M command. For example, if your command that generates an error in your audit.log is httpd, you can do the following:

    sudo ausearch -c 'httpd' --raw | audit2allow -M my-policy
    sudo semodule -X 300 -i my-policy.pp
    

    Usually, it's not a good practice to use audit2allow to allow access for a service if there's a built-in boolean available for that service. Use audit2allow as your last resort if there is no appropriate boolean for your paticular service.