SELinux dropping PHP Connection

Johan Dindaine jojolapin972 at gmail.com
Tue Apr 13 06:36:12 UTC 2010


2010/4/12 Marti, Robert <RJM002 at shsu.edu>:
> It opened the port as far as SELinux is concerned.  Is the port firewalled off to localhost?
>
The port is not firewalled (not at the box level for sure); iptables shows:
/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and secondly I can (logged in as Apache [given it a shell]) source the
URL I want to open without any problem.

I did finally put SELinux completely off (/usr/sbin/setenforce 0) but
I should consider the last option to just allow HTTPD to connect.


> Rob Marti
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Johan Dindaine
> Sent: Monday, April 12, 2010 8:24 AM
> To: General Red Hat Linux discussion list
> Subject: Re: SELinux dropping PHP Connection
>
> not in message but in /var/log/audit/audit.log
> type=AVC msg=audit(1271075175.712:264486): avc:  denied  {
> name_connect } for  pid=31420 comm="httpd" dest=15000
> scontext=user_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>
> I did run this command that has solved the problem:
> /usr/sbin/semanage port -a -t http_port_t -p tcp 15000
>
> but now I receive another error:
> Warning: file_get_contents(http://localhost:15000/...)
> [function.file-get-contents]: failed to open stream: Connection
> refused
>
> The previous command should have opened port 15000, so how can the
> connection be dropped now?
>
> 2010/4/12 Marti, Robert <RJM002 at shsu.edu>:
>> Anything showing up in /var/log/messages?
>>
>> On Apr 12, 2010, at 7:48, "Johan Dindaine" <jojolapin972 at gmail.com>
>> wrote:
>>
>>> Good morning the list,
>>>
>>> I am managing a Red Hat server which has got a standard LAMP
>>> environment (PHP 5.3 + MYSQL 5.1 + Apache 2.2.3).
>>> When I am trying to parse files that are external to my network or out
>>> of my virtual host I got this weird error message:
>>> Warning: file_get_contents(http://localhost:15000/solr...)
>>> [function.file-get-contents]: failed to open stream: Permission denied
>>> I suspect that SELinux is dropping the connection as I haven't set up
>>> any limitation at PHP level (safe_mode is Off and allow_url_fopen is
>>> ON).
>>> My question is how can I modify this setting to allow my script to
>>> call this external URL?
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list

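Added example, not part of the thread: a small parser for the AVC record quoted above that extracts the denied permission, the source and target types and the destination port, and rebuilds the semanage command used in the thread when the target is an unlabelled port. The function names and the default port type argument are assumptions for illustration; the sample is the thread's record joined onto one line.

```python
import re

# The denial quoted in the thread, joined onto one line as it sits in audit.log.
SAMPLE = ('type=AVC msg=audit(1271075175.712:264486): avc:  denied  { name_connect } '
          'for  pid=31420 comm="httpd" dest=15000 '
          'scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

def _type_of(context):
    """SELinux contexts are user:role:type[:level]; return the type field."""
    parts = context.split(':')
    return parts[2] if len(parts) > 2 else None

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    if not line.startswith('type=AVC'):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'result': m.group('result'), 'perms': m.group('perms').split()}
    # Remaining fields are key=value pairs; values may be double-quoted.
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')):
        rec[key] = value.strip('"')
    rec['source_type'] = _type_of(rec.get('scontext', ''))
    rec['target_type'] = _type_of(rec.get('tcontext', ''))
    return rec

def port_label_fix(rec, port_type='http_port_t'):
    """For a denied outbound TCP connect to a port carrying the generic port_t
    label, return the semanage command used in the thread; otherwise None."""
    if (rec and rec['result'] == 'denied' and 'name_connect' in rec['perms']
            and rec.get('tclass') == 'tcp_socket'
            and rec['target_type'] == 'port_t' and 'dest' in rec):
        return '/usr/sbin/semanage port -a -t %s -p tcp %s' % (port_type, rec['dest'])
    return None

if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(rec['comm'], rec['source_type'], rec['perms'], rec['dest'])
    print(port_label_fix(rec))
```

A name_connect denial like this one reaches PHP as "Permission denied". "Connection refused" comes from the TCP layer (nothing accepting on that address and port, or a rejecting firewall rule), so it leaves no AVC record of this kind.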