FC5 SELinux prevents php from connecting to postgresql
Clodoaldo Pinto
clodoaldo.pinto at gmail.com
Tue Jul 4 11:33:06 UTC 2006
2006/7/4, Paul Howarth <paul at city-fan.org>:
> On Mon, 2006-07-03 at 18:35 -0300, Clodoaldo Pinto wrote:
> > FC5 SELinux prevents php from connecting to postgresql.
> >
> > I had a hard time trying to figure out why I could not connect from
> > php to postgres locally in a new and patched FC5 box, although I could
> > connect to that same postgres server and with the same user from
> > another box (FC3).
> >
> > >From /var/log/messages:
> >
> > kernel: audit(1151945653.900:39): avc: denied { name_connect } for
> > pid=17167 comm="httpd" dest=5432 scontext=user_u:system_r:httpd_t:s0
> > tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
>
> Try:
> # setsebool -P httpd_can_network_connect_db 1
Thank you Paul. I had already solved it when I posted using the
instructions here:
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Your suggestion seems much simpler. Is it permanent? Where can a
SEBolls list be found?
I just posted this to alert others who could fall in the same problem.
BTW, why is httpd prevented to connect to postgres (the only db I
tested until now) as default? Is it a bug?
Regards, Clodoaldo Pinto
More information about the fedora-list
mailing list