On Tue, Jan 24, 2012 at 08:03:00PM -0600, Fedora Linux wrote: > Yes... it appeared a popup with SELinux errors, I opened it and shows: > > SELinux is preventing /usr/sbin/httpd from connectto access on the > unix_stream_socket /var/lib/mysql/mysql.sock. > > ***** Plugin catchall (100. confidence) suggests > *************************** > > If you believe that httpd should be allowed connectto access on the > mysql.sock unix_stream_socket by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep /usr/sbin/httpd /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp [...snip...]
Actually, there are a set of booleans available to tune SELinux for common or popular groups of access. Allowing your web server to talk to MySQL is definitely one. Try this as root: # setsebool -P httpd_can_network_connect_db on If you want to see the full set of booleans (there are a lot!): # getsebool -a # getsebool -a | grep httpd # just those relevant to Apache No need to compile specific modules for these common cases. I generally look for a boolean first if it seems like something that ought to be easily tunable. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
