Paul Howarth wrote:
Clodoaldo Pinto wrote:
2006/7/4, Paul Howarth <paul@xxxxxxxxxxxx>:
On Mon, 2006-07-03 at 18:35 -0300, Clodoaldo Pinto wrote:
> FC5 SELinux prevents php from connecting to postgresql.
>
> I had a hard time trying to figure out why I could not connect from
> php to postgres locally in a new and patched FC5 box, although I
could
> connect to that same postgres server and with the same user from
> another box (FC3).
>
> >From /var/log/messages:
>
> kernel: audit(1151945653.900:39): avc: denied { name_connect } for
> pid=17167 comm="httpd" dest=5432 scontext=user_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
Try:
# setsebool -P httpd_can_network_connect_db 1
Thank you Paul. I had already solved it when I posted using the
instructions here:
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
That's a general technique applicable to just about all SELinux
issues. Some of the more common ones, such as connecting to databases
over the network, can be addressed by setting booleans as it's already
catered for in the policy.
Yes. Booleans should have been referred to in that FAQ as the first
thing to look at. I filed a report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197587
Rahul
