SELinux dropping PHP Connection
Johan Dindaine
jojolapin972 at gmail.com
Tue Apr 13 06:37:43 UTC 2010
2010/4/13 Greg Cornell <Greg.Cornell at wallawalla.edu>:
> Check out the getsebool and setsebool commands. I think what you want is something like:
>
> setsebool -P httpd_can_network_connect=on
Can you remind me where the physical file this command is modifying
please? It's in a directory with all the files holding the other
SELinux options.
>
> Greg
>
> On Apr 12, 2010, at 6:23 AM, Johan Dindaine wrote:
>
>> not in message but in /var/log/audit/audit.log
>> type=AVC msg=audit(1271075175.712:264486): avc: denied {
>> name_connect } for pid=31420 comm="httpd" dest=15000
>> scontext=user_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>>
>> I did run this command that has solved the problem:
>> /usr/sbin/semanage port -a -t http_port_t -p tcp 15000
>>
>> but now I receive another error:
>> Warning: file_get_contents(http://localhost:15000/...)
>> [function.file-get-contents]: failed to open stream: Connection
>> refused
>>
>> The previous command should have opened port 15000 so how the
>> connection can be dropped now?
>>
>> 2010/4/12 Marti, Robert <RJM002 at shsu.edu>:
>>> Anything showing up in /var/log/messages?
>>>
>>> Sent from my iPhone
>>>
>>> On Apr 12, 2010, at 7:48, "Johan Dindaine" <jojolapin972 at gmail.com>
>>> wrote:
>>>
>>>> Good morning the list,
>>>>
>>>> I am managing a Red Hat server which has got a standar LAMP
>>>> environment (PHP 5.3 + MYSQL 5.1 + Apache 2.2.3).
>>>> When I am trying to parse files that are external to my network or out
>>>> of my virtual host I got this weird error message:
>>>> Warning: file_get_contents(http://localhost:15000/solr...)
>>>> [function.file-get-contents]: failed to open stream: Permission denied
>>>> I suspect that SELinux is dropping the connection as I haven't set up
>>>> any limitation at PHP level (safe_mode is Off and allow_url_fopen is
>>>> ON).
>>>> My question is how can I modify this setting to allow my script to
>>>> call this external URL?
>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list