apache and httpd_can_network_connect_db

Metsger · Post by **Metsger** » 2009/11/27 04:13:29

How to add port of MSSQL(1433) to httpd_can_network_connect_db or add some changes in apache policy? I know about httpd_can_network_connect but this is not my way.

yyagol · Post by **yyagol** » 2009/11/27 07:14:54

have you checked SELinux attributes ?
[code]getsebool -a | grep httpd[/code]

Metsger · Post by **Metsger** » 2009/11/27 07:31:40

httpd_can_network_connect_db and httpd_can_network_connect is off

yyagol · Post by **yyagol** » 2009/11/27 07:47:51

and if you turn them up (setsebool) ? will it work ?

Metsger · Post by **Metsger** » 2009/11/28 04:10:11

httpd_can_network_connect-db 1 - don't work
httpd_can_network_connect - work, but it's not good for security reason

yyagol · Post by **yyagol** » 2009/11/28 16:36:59

If you want to add a non standard port to mysql SELinux policy
you may need to use [b]semanage[/b] for that

[code][root@example ~]# semanage port -l | grep mysql
mysqld_port_t tcp 1186, 3306

and now adding ports is done with
[root@example ~]# semanage port -a -t mysqld_port_t -p tcp 1433

verify with
[root@example ~]# semanage port -l | grep mysql
mysqld_port_t tcp 1433, 1186, 3306[/code]
same way is with http .
hope this can help you
please provide avc error from logs for resolving SELinux problems

Metsger · Post by **Metsger** » 2009/12/01 06:16:26

Thanks, this is good idea.

CentOS