RedHat 5 SELinux Gets In My Way

WordPress DB Connection Problem

Ack, my WordPress suffers connectile dysfunction on a fresh install of RedHat 5! Not only did I get the above message, but dmesg was filling up with errors like this:

audit(1179258445.529:38): avc: denied { name_connect } for pid=3332 comm="httpd" dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

It turns out that I was getting stung by SELinux, which is enabled by default in RedHat 5. All the extra security is probably a good idea, if I knew how to configure it, but for the moment it was breaking a live site.

So I (well, Cliffy, Al, and I) took the shortcut and set SELINUX=permissive in /etc/sysconfig/selinux (we could have gone with SELINUX=disabled, but this will help us learn… while we watch it fill our log files).

None of this would be a problem, likely, if I wasn’t using a remote MySQL server, but….
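As an added example (not part of the original post): a small shell script that reads AVC denials like the one above, groups them by source type, permission, target type and class, and prints the narrow fix for the httpd-to-MySQL case instead of a system-wide permissive mode. The function names and the second and third sample lines are constructed; `httpd_can_network_connect_db` is the targeted-policy boolean for this access, so confirm it is present with `getsebool -a` before relying on it.

```shell
#!/bin/sh
# Added example, not the author's code: summarize SELinux AVC denials.

# Sample input. Line 1 is the denial quoted in the post; lines 2-3 are constructed.
sample_log() {
    cat <<'EOF'
audit(1179258445.529:38): avc: denied { name_connect } for pid=3332 comm="httpd" dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
audit(1179258450.101:41): avc: denied { name_connect } for pid=3340 comm="httpd" dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
audit(1179258460.007:44): avc: denied { read write } for pid=3350 comm="httpd" name="example.dat" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
EOF
}

# Read dmesg/audit.log text on stdin and print one line per distinct denial:
#   <source_type> <perm[,perm]> <target_type> <class> <count>
summarize_avc() {
    awk '
    /avc: +denied/ {
        perm = src = tgt = cls = ""
        # Permissions sit between the braces, e.g. "{ name_connect }".
        if (match($0, /[{][^}]*[}]/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perm); gsub(/ +/, ",", perm)
        }
        # Contexts are user:role:type:level; the type is the third field.
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "scontext")      { split(kv[2], c, ":"); src = c[3] }
            else if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
            else if (kv[1] == "tclass")   cls = kv[2]
        }
        if (src != "" && tgt != "") count[src " " perm " " tgt " " cls]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Map each summarized denial to a targeted action rather than permissive mode.
suggest_fix() {
    while read -r src perm tgt cls n; do
        case "$src:$perm:$tgt:$cls" in
            httpd_t:name_connect:mysqld_port_t:tcp_socket)
                # Boolean from the targeted policy; check with: getsebool -a
                echo "setsebool -P httpd_can_network_connect_db on" ;;
            *)
                echo "review: $src $perm $tgt $cls (seen $n times)" ;;
        esac
    done
}

sample_log | summarize_avc | suggest_fix
```

On a live host, feed it `dmesg` or `/var/log/audit/audit.log` in place of `sample_log`.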


3 thoughts on “RedHat 5 SELinux Gets In My Way”

  1. Would still potentially pose the same problems. At least if I am understanding you correctly. SELinux is more like a system firewall rather than a network firewall, so processes are restricted to their permissions, regardless of where the process is being executed. So, httpd was trying to operate outside the boundaries set within SELinux.

    At least if I remember correctly. It has been a few years since I have messed with it at all.

  2. sealert is your friend. It goes through the error logs, and tells you what all the SELinux alerts and denials mean, and how to fix them.

    It’s part of the setroubleshoot package, which should be installed by default.

    Simon
