Ack, my WordPress suffers connectile dysfunction on a fresh install of RedHat 5! Not only did I get the above message, but dmesg was filling up with errors like this:
audit(1179258445.529:38): avc: denied { name_connect } for pid=3332 comm=“httpd” dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
It turns out that I was getting stung by SELinux, which is enabled by default in RedHat 5. All the extra security is probably a good idea, if I knew how to configure it, but for the moment it was breaking a live site.
So I (well, Cliffy, Al, and I), took the short cut and set SELINUX=permissive in /etc/sysconfig/selinux (we could have gone with SELINUX=disabled, but this will help us learn…while we watch it fill our log files).
None of this would be a problem, likely, if I wasn’t using a remote MySQL server, but….
SELinux, RedHat 5, mysql blocked, connection problem, disable selinux
Posted May 21, 2007 by Casey Bisson
Categories: Technology. Tags: connection problem, disable selinux, mysql blocked, RedHat 5, SELinux.
3 Comments
Comments RSS
TrackBack Identifier URI
Leave a comment
User contributed tags for this post:
selinux centos (184) - deactivate selinux (83) - selinux redhat 5 (75) - remove selinux (68) - redhat 5 selinux (55) - redhat 5 firewall (54) - disable selinux redhat 5 (50) - centos selinux (50) - rhel5 disable selinux (47) - uninstall selinux (42) - redhat 5 disable selinux (39) - www.89.com (36) - how to disable selinux in redhat 5 (32) - SELinux (32) - selinux deactivate (31) - rhel5 firewall (30) - SElinux RHEL5 (28) - RedHat SELinux (26) - RHEL 5 firewall (24) - RedHat 5 (24) - disable selinux redhat (24) - rhel5 disable firewall (23) - disable selinux rhel5 (22) - how to deactivate selinux (21) - selinux mysqld (21) - rhel5 selinux (21) - selinux uninstall (20) - red hat 5 firewall (20) - selinux httpd (20) - centos remove selinux (18) - deactivating SELinux (17) - www.sex.com (16) - red hat 5 disable SELinux (16) - centos disable firewall (15) - 89.com (14) - disable selinux (14) - red hat 5 selinux (14) - CentOS 5 selinux (14) - redhat 5 selinux disable (14) - centos disable audit (14) - sexi movise (14) - uninstall selinux centos (14) - selinux redhat (13) - selinux mysql (13) - selinux remove (13) - F (12) - disable sealert (11) - centos 5 disable selinux (11) - firewall rhel5 (11) - disable SELinux firewall (10) - wordpress Selinux (10) - remove selinux centos (10) - rhel 5 selinux (10) - RHEL 5 disable SELinux (10) - RHEL5 turn off firewall (10) - 89 com (9) - how to firewall red hat 5 (9) - selinux firewall (9) - centos uninstall selinux (9) - selinux centos 5 (9) - disable selinux in rhel5 (9) - selinux rhel (9) - WWW 89 COM (8) - disable selinux for mysql (8) - mysql selinux redhat (8) - centos 5 firewall (8) - firewall redhat 5 (8) - RHEL5 SElinux disable (8) - disable selinux red hat 5 (7) - شهوت سرا (7) - disabel selinux (7) - centos 5 SELinux httpd (7) - redhat disable selinux (7) - disable selinux on redhat 5 (7) - centos 5 turn off firewall (7) - redhat remove selinux (7) - how to disable SElinux redhat 5 (7) - disable firewall rhel5 (7) - RHEL 5 disable firewall (7) - sexy giral (6) - cache zb13W 9bWjkJ maisonbisson com blog post 10248 sex (6) - httpd mysql selinux (6) - redhat selinux firewall (6) - selinux disable redhat (6) - mysql selinux (6) - avc: denied { search } (6) - selinux httpd mysql (6) - mysqld selinux (6) - centos deactivate selinux (6) - setroubleshoot centos (6) - disable selinux centos (6) - disable selinux mysql (6) - how disable selinux (6) - ?????? ???? (5) - داستان (5) - mysql redhat 5 (5) - turn off selinux (5) - red hat 5 setroubleshoot package (5) - deactivate selinux redhat (5) - deactivate selinux centos (5) - centos setroubleshoot (5) - disable selinux mysqld (5) - selinux ports (5) - firewall red hat 5 (5) - centos 5 selinux disable (5) - rhel disable selinux (5) - disable firewall and SElinux (5) - RHEL 5 turn off firewall (5) - time passing quote (4) - selinux wordpress (4) - ???? ?? (4) - sexy teacher com (4) - cache Jf0O1b4BVFUJ maisonbisson com blog post 10849 IVI (4) - red hat disable selinux (4) - how to disable SELinux on redhat 5 (4) - selinux httpd 3306 (4) - SELINUX tcontext system u object r mysqld port t s0 tcl (4) - redhat 5 audit (4) - selinux redhat 5 disable (4) - selinux httpd mysql connection problem (4) - IN (4) - redhat 5 turn off selinux (4) - redhat 5 turn off firewall (4) - how to disable selinux in rhel5 (4) - turn off selinux rhel5 (4) - redhat 5 firewall disable (4) - centos turn off selinux (4) - redhat setroubleshoot (4) - selinux in centos (4) - rhel5 turn off selinux (4) - RHEL5 SELinux Permissive (4) - avc: denied { name_connect } for comm=httpd dest=3306 (4) - selinux httpd redhat (4) - SELinux in RHEL5 (4) - disable selinux rhel (4) - how to disable selinux rhel5 (4) - rhel5 uninstall selinux (4) - centos 5 disable firewall (4) - how to disable firewall in rhel5 (4) - denied { name_connect } (4) - disabling SeLinux and firewall (4) - redhat deactivate selinux (4) - disable rhel5 firewall (4) - uninstall selinux redhat (4) - ????????? ???? (3) - ???? ??? (3) - turn off AVC firewall (3) - porno clasic (3) - my sexy teacher com (3) - cache KDjBsi0AbJ8J maisonbisson com blog post 10345 my (3) -
Would still potentially pose the same problems. At least if I am understanding you correctly. SELinux is more like a system firewall rather than a network firewall, so processes are restricted to their permissions, regardless of where the process is being executed. So, httpd was trying to operate outside the boundaries set within SELinux.
At least if I remember correctly. It has been a few years since I have messed with it at all.
sealert is your friend. It goes through the error logs, and tells you what all the selinux alerts and denials mean, and how to fix them.
it’s part of the setroubleshoot package, which should be installed by default.
Simon
[...] » RedHat 5 SELinux Gets In My Way So I (well, Cliffy, Al, and I), took the short cut and set SELINUX=permissive in /etc/sysconfig/selinux (we could have gone with SELINUX=disabled, but this will help us learn…while we watch it fill our log files). (tags: selinux security redhat) [...]