selinux problem with httpd and mysql
Paul Howarth
paul at city-fan.org
Thu Jul 7 12:53:51 UTC 2005
Ankush Grover wrote:
> .We are developing a web based application for our client.Now the
> problem we are am facing is that,if the SELinux is on means
> SELINUX=enforcing and SELINUXTYPE=targeted then
> we are not able to run our application whereas If we disable the
> SELinux ,we are able to run our application.
>
> We are running our application on Apache with mysql & php.
>
> The logs from /var/log/messages are below:
>
> Logs when SELinux is on
>
> Jul 7 18:01:21 work kernel: audit(1120739481.281:0): avc: denied {
> write } for pid=3905 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
> ino=96038 scontext=user_u:system_r:httpd_t
> tcontext=user_u:object_r:var_lib_t tclass=sock_file
> Jul 7 18:01:22 work kernel: audit(1120739482.959:0): avc: denied {
> write } for pid=3906 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
> ino=96038 scontext=user_u:system_r:httpd_t
> tcontext=user_u:object_r:var_lib_t tclass=sock_file
Your mysql socket appears to have the wrong context.
On my system, I get:
# ls -lZ /var/lib/mysql/mysql.sock
srwxrwxrwx mysql mysql system_u:object_r:mysqld_var_run_t
/var/lib/mysql/mysql.sock
You seem to have a context of user_u:object_r:var_lib_t for this.
Or is your mysql.sock not in the /var/lib/mysql directory? If so, why?
Paul.
More information about the fedora-list
mailing list