PHP cannot connect to mysql server

dragoran dragoran at feuerpokemon.de
Wed Nov 10 16:25:57 UTC 2004


Stephen Smalley wrote:

>On Wed, 2004-11-10 at 11:05, dragoran wrote:
>
>>   * echo "allow httpd_t var_lib_t:sock_file rw_socket_perms;" >
>>     domains/program/httpd_socket.te
>
>Yes, that instruction was incorrect.  Two different objects for a Unix
>domain socket: the file that is used to "name" it, and the socket
>itself.  So you need something like:
>
>allow httpd_t var_lib_t:sock_file rw_file_perms;
>can_unix_send(httpd_t, unconfined_t)
>can_unix_connect(httpd_t, unconfined_t)
>
>The first line allows it to access the file object, while the latter two
>lines allow the inter-process communication between httpd and the mysqld
>(which is running unconfined by default in the targeted policy).  The
>obvious problem with this approach is that an exploit of a flaw in your
>httpd can now reach an unconfined process, possibly subverting it and
>thus gaining full access to the system.  Better to add a separate domain
>for mysqld.
>

And how can I add a separate domain for mysqld? Sorry, I am new to
SELinux....
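
Added example, not part of the original thread: the quoted reply distinguishes the file that names a Unix domain socket (`sock_file`) from the socket itself, and warns that the second rule set lets httpd reach an unconfined process. The Python sketch below sorts AVC denials by those two object kinds and flags the ones whose peer is `unconfined_t`; the log lines and all function names are constructed for illustration.

```python
import re

# Constructed AVC denial lines (not taken from the thread), modelled on httpd
# trying to use mysqld's socket while mysqld runs unconfined.
SAMPLE_LOG = """\
audit(1100103900.101:0): avc:  denied  { write } for  pid=2211 exe=/usr/sbin/httpd name=mysql.sock dev=hda2 ino=48211 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=sock_file
audit(1100103900.102:0): avc:  denied  { connectto } for  pid=2211 exe=/usr/sbin/httpd path=/var/lib/mysql/mysql.sock scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=unix_stream_socket
audit(1100103900.250:0): avc:  denied  { getattr } for  pid=2211 exe=/usr/sbin/httpd path=/etc/shadow dev=hda2 ino=911 scontext=root:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Object classes for the socket itself, as opposed to the file that names it.
SOCKET_CLASSES = {"unix_stream_socket", "unix_dgram_socket"}

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def classify(line):
    """Parse one AVC denial; return None for lines that are not denials."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    tclass = m.group("tclass")
    if tclass == "sock_file":
        obj = "socket name (file object)"
    elif tclass in SOCKET_CLASSES:
        obj = "socket (peer process)"
    else:
        obj = "other"
    target = context_type(m.group("tcontext"))
    return {
        "perms": m.group("perms").split(),
        "source": context_type(m.group("scontext")),
        "target": target,
        "tclass": tclass,
        "object": obj,
        # The risk named in the reply: IPC from a confined domain to unconfined_t.
        "reaches_unconfined": obj == "socket (peer process)" and target == "unconfined_t",
    }

def triage(log_text):
    """Classify every denial in a block of audit log text."""
    return [r for r in map(classify, log_text.splitlines()) if r is not None]
```

Denials flagged `reaches_unconfined` are the ones a separate mysqld domain would retarget to a confined peer type.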



