selinux problem with httpd and mysql

Ankush Grover ankush174 at gmail.com
Thu Jul 7 12:44:37 UTC 2005


Hey friends,

We are developing a web-based application for our client. Now the
problem we are facing is that if SELinux is on, meaning
SELINUX=enforcing and SELINUXTYPE=targeted, then
we are not able to run our application, whereas if we disable
SELinux, we are able to run our application.

We are running our application on Apache with MySQL & PHP.

The logs from /var/log/messages are below:

Logs when SELinux is on

Jul  7 18:01:21 work kernel: audit(1120739481.281:0): avc:  denied  {
write } for  pid=3905 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jul  7 18:01:22 work kernel: audit(1120739482.959:0): avc:  denied  {
write } for  pid=3906 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file


Logs when SELinux is turned off

Jul  7 18:01:33 work kernel: audit(1120739493.871:0): avc:  granted  {
setenforce } for  pid=4106 exe=/usr/bin/setenforce
scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
Jul  7 18:01:34 work iptables:  succeeded
Jul  7 18:01:34 work last message repeated 2 times
Jul  7 18:01:34 work kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jul  7 18:01:34 work kernel: ip_conntrack version 2.1 (4031 buckets,
32248 max) - 356 bytes per conntrack
Jul  7 18:01:35 work iptables:  succeeded
Jul  7 18:01:37 work kernel: audit(1120739497.255:0): avc:  denied  {
write } for  pid=2393 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file

Logs when switching SELinux to the on state again


Jul  7 18:01:37 work kernel: audit(1120739497.255:0): avc:  denied  {
connectto } for  pid=2393 exe=/usr/sbin/httpd
path=/var/lib/mysql/mysql.sock scontext=user_u:system_r:httpd_t
tcontext=user_u:system_r:unconfined_t tclass=unix_stream_socket

Can anybody help me in solving this SELinux problem?

Thanks & Regards

Ankush Grover
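
Added example, not part of the original post: a short Python script that tallies the AVC denials in the log excerpt above by source type, target type, object class and permission. The sample lines are copied from the post with the e-mail wrapping undone; the function names are this example's own.

```python
import re
from collections import Counter

# Log lines copied from the post, with the e-mail line wrapping undone.
SAMPLE = """\
Jul  7 18:01:21 work kernel: audit(1120739481.281:0): avc:  denied  { write } for  pid=3905 exe=/usr/sbin/httpd name=mysql.sock dev=hda5 ino=96038 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jul  7 18:01:22 work kernel: audit(1120739482.959:0): avc:  denied  { write } for  pid=3906 exe=/usr/sbin/httpd name=mysql.sock dev=hda5 ino=96038 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jul  7 18:01:33 work kernel: audit(1120739493.871:0): avc:  granted  { setenforce } for  pid=4106 exe=/usr/bin/setenforce scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Jul  7 18:01:34 work iptables:  succeeded
Jul  7 18:01:37 work kernel: audit(1120739497.255:0): avc:  denied  { write } for  pid=2393 exe=/usr/sbin/httpd name=mysql.sock dev=hda5 ino=96038 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jul  7 18:01:37 work kernel: audit(1120739497.255:0): avc:  denied  { connectto } for  pid=2393 exe=/usr/sbin/httpd path=/var/lib/mysql/mysql.sock scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:unconfined_t tclass=unix_stream_socket
"""

# Matches "avc:  denied  { perm ... } for  key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one syslog line; return a dict, or None if it is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "exe": fields.get("exe"),
        "object": fields.get("path") or fields.get("name"),
        "source_type": ctx_type(fields.get("scontext", "")),
        "target_type": ctx_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(SAMPLE).most_common():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perm} }}")
```

Granted records and non-audit syslog lines are skipped, so the output lists only the distinct access patterns that were denied.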



