FC5 SELinux prevents php from connecting to postgresql

Rahul Sundaram sundaram at fedoraproject.org
Tue Jul 4 12:00:22 UTC 2006


Paul Howarth wrote:

> Clodoaldo Pinto wrote:
>
>> 2006/7/4, Paul Howarth <paul at city-fan.org>:
>>
>>> On Mon, 2006-07-03 at 18:35 -0300, Clodoaldo Pinto wrote:
>>> > FC5 SELinux prevents php from connecting to postgresql.
>>> >
>>> > I had a hard time trying to figure out why I could not connect from
>>> > php to postgres locally in a new and patched FC5 box, although I could
>>> > connect to that same postgres server and with the same user from
>>> > another box (FC3).
>>> >
>>> > From /var/log/messages:
>>> >
>>> > kernel: audit(1151945653.900:39): avc:  denied  { name_connect } for
>>> > pid=17167 comm="httpd" dest=5432 scontext=user_u:system_r:httpd_t:s0
>>> > tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
>>>
>>> Try:
>>> # setsebool -P httpd_can_network_connect_db 1
>>
>>
>> Thank you Paul. I had already solved it when I posted using the
>> instructions here:
>> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
>
>
> That's a general technique applicable to just about all SELinux 
> issues. Some of the more common ones, such as connecting to databases 
> over the network, can be addressed by setting booleans as it's already 
> catered for in the policy.

Yes. Booleans should have been referred to in that FAQ as the first 
thing to look at. I filed a report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197587

Rahul
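
Added example, not part of the original thread or of the Fedora policy tools: a small Python parser for the AVC denial quoted above that extracts the source and target types and looks the denial up in a hint table to name the boolean Paul suggests. The hint table and all function names are assumptions made for this example; on a real system the loaded policy is the authority on which boolean covers which access.

```python
import re

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE = ('kernel: audit(1151945653.900:39): avc:  denied  { name_connect } for '
          'pid=17167 comm="httpd" dest=5432 scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket')

# Hand-written for this example (an assumption, not read from the loaded policy):
# (source type, target type, class, permission) -> boolean that permits it.
BOOLEAN_HINTS = {
    ("httpd_t", "postgresql_port_t", "tcp_socket", "name_connect"):
        "httpd_can_network_connect_db",
}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    """A context is user:role:type[:level]; return the type or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    fields["stype"] = type_of(fields["scontext"])
    fields["ttype"] = type_of(fields["tcontext"])
    fields["perms"] = m.group("perms").split()
    return fields

def suggest_booleans(line):
    """Booleans from BOOLEAN_HINTS that would allow the denied access."""
    avc = parse_avc(line)
    if avc is None:
        return []
    hits = {BOOLEAN_HINTS.get((avc["stype"], avc["ttype"], avc["tclass"], p))
            for p in avc["perms"]}
    return sorted(b for b in hits if b)

if __name__ == "__main__":
    for name in suggest_booleans(SAMPLE):
        print(f"setsebool -P {name} 1")
```
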



