postgresql with httpd and dotclear
KaiGai Kohei
kaigai at ak.jp.nec.com
Tue Feb 5 14:54:06 UTC 2008
Nicolas Chauvet wrote:
> Hello !
>
> I try to use apache and postgresql with the dotclear blog engine.
> When I try to enter the database information from the admin config
> wizard within the browser, have a selinux denial :
>
> audit(1202182131.382:34): avc: denied { name_connect } for pid=2604
> comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
>
> [root at haderach ~]# ls -Z /home/www/
> drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 dotclear
>
> [root at haderach ~]# rpm -q sepostgresql
> sepostgresql-8.2.6-1.158.fc8
> selinux-policy-3.0.8-81.fc8
> selinux-policy-targeted-3.0.8-81.fc8
>
> [root at haderach data]# semodule -l |grep postgre
> sepostgresql 1.158
Can the following command help you?
# setsebool -P httpd_can_network_connect_db=1
> On the other hand, when i try to use phpPgAdmin, it works. But i need to
> change: /var/lib/pgsql/data/pg_hba.conf from ident sameuser to
> md5.(tryed the same for dotclear without sucess).
>
> Also, from: http://code.google.com/p/sepgsql/wiki/install_memo_Fedora7
> As i'm using F-8, i expect not to need the additional recompiled
> selinux-policy-2.6.4-38.sepgsql.fc7.noarch.rpm. (don't know if current
> F-7 users will still need it?) - At least the .sepsql doen't fit the
> same version number
The selinux-policy packages with ".sepgsql" are special care for Fedora 7
users, because selinux-policy-2.x series does not contain the definitions
related to database objects (like, db_table, db_column, ...)
You don't need to replace it, whenever sepostgresql works on Fedora 8.
Thanks,
> Any tips for this ?
>
>
> Nicolas (kwizart)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
More information about the fedora-selinux-list
mailing list