selinux problem with httpd and mysql
Ankush Grover
ankush174 at gmail.com
Thu Jul 7 12:44:37 UTC 2005
Hey friends,
We are developing a web-based application for our client. Now the
problem we are facing is that if SELinux is on, meaning
SELINUX=enforcing and SELINUXTYPE=targeted, then
we are not able to run our application, whereas if we disable
SELinux, we are able to run our application.
We are running our application on Apache with mysql & php.
The logs from /var/log/messages are below:
Logs when SELinux is on
Jul 7 18:01:21 work kernel: audit(1120739481.281:0): avc: denied {
write } for pid=3905 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jul 7 18:01:22 work kernel: audit(1120739482.959:0): avc: denied {
write } for pid=3906 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file
Logs when SELinux is turned off
Jul 7 18:01:33 work kernel: audit(1120739493.871:0): avc: granted {
setenforce } for pid=4106 exe=/usr/bin/setenforce
scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
Jul 7 18:01:34 work iptables: succeeded
Jul 7 18:01:34 work last message repeated 2 times
Jul 7 18:01:34 work kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jul 7 18:01:34 work kernel: ip_conntrack version 2.1 (4031 buckets,
32248 max) - 356 bytes per conntrack
Jul 7 18:01:35 work iptables: succeeded
Jul 7 18:01:37 work kernel: audit(1120739497.255:0): avc: denied {
write } for pid=2393 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file
Logs again switching SELinux to on state
Jul 7 18:01:37 work kernel: audit(1120739497.255:0): avc: denied {
connectto } for pid=2393 exe=/usr/sbin/httpd
path=/var/lib/mysql/mysql.sock scontext=user_u:system_r:httpd_t
tcontext=user_u:system_r:unconfined_t tclass=unix_stream_socket
Can anybody help me in solving this SELinux problem?
Thanks & Regards
Ankush Grover
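
The AVC records quoted in the message above can be reduced to one line per source type, target type and object class, which makes it easier to see what httpd_t was refused. This is an added example, not part of the original message; the sample input is copied from the post's log lines with their mail wrapping intact, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: records from the post, still hard-wrapped as the mail client left them.
SAMPLE = """\
Jul 7 18:01:21 work kernel: audit(1120739481.281:0): avc: denied {
write } for pid=3905 exe=/usr/sbin/httpd name=mysql.sock dev=hda5
ino=96038 scontext=user_u:system_r:httpd_t
tcontext=user_u:object_r:var_lib_t tclass=sock_file
Jul 7 18:01:33 work kernel: audit(1120739493.871:0): avc: granted {
setenforce } for pid=4106 exe=/usr/bin/setenforce
scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
Jul 7 18:01:37 work kernel: audit(1120739497.255:0): avc: denied {
connectto } for pid=2393 exe=/usr/sbin/httpd
path=/var/lib/mysql/mysql.sock scontext=user_u:system_r:httpd_t
tcontext=user_u:system_r:unconfined_t tclass=unix_stream_socket
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Re-join wrapped records; a new record starts with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append("")
        records[-1] = (records[-1] + " " + line.strip()).strip()
    return records

def selinux_type(context):  # type field of user:role:type[:level]
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(text):
    """Map (source type, target type, class) -> sorted list of denied permissions."""
    denied = defaultdict(set)
    for record in unwrap(text):
        m = AVC.search(record)
        if not m or m.group(1) != "denied":
            continue  # skip non-AVC syslog lines and 'granted' records
        fields = dict(tok.split("=", 1) for tok in m.group(3).split() if "=" in tok)
        key = (selinux_type(fields.get("scontext", "")),
               selinux_type(fields.get("tcontext", "")), fields.get("tclass", ""))
        denied[key].update(m.group(2).split())
    return {k: sorted(v) for k, v in denied.items()}

if __name__ == "__main__":
    print(summarize_denials(SAMPLE))
```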