PHP cannot connect to mysql server
Daniel J Walsh
dwalsh at redhat.com
Wed Nov 10 15:52:22 UTC 2004
dragoran wrote:
> I am running FC3 with selinux on targeted policy. When PHP tryies to
> connect to the mysql server i get this messages in dmesg:
> sbin/httpd name=mysql.sock dev=hda3 ino=309535
> scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:var_lib_t
> tclass=sock_file
> Disabling SELinux for Apache fix this, but I want to run httpd with
> selinux.
> So how can i fix this?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
A couple of things to try.
I am thinking of adding mysqld.te file to targeted policy. (attached)
You can try to use it by doing the following
* Install selinux-policy-targeted-sources.
* yum install selinux-policy-targeted-sources
* cd /etc/selinux/targeted/src/policy
* cp MYSQLD.te domains/program/
* make load
* rpm -q -l mysql | restorecon -R -f -
* service mysql restart
Or you can just add the ability to write to sock_files in var lib.
* Install selinux-policy-targeted-sources.
* yum install selinux-policy-targeted-sources
* cd /etc/selinux/targeted/src/policy
* echo "allow httpd_t var_lib_t:sock_file rw_socket_perms;" >
domains/program/httpd_socket.te
* make load
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mysqld.te
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041110/21071693/attachment.ksh>
More information about the fedora-selinux-list
mailing list