Hi,
I run mysqld on another server. I just switched to another dedicated server now, and i'm having trouble connecting to the mysqld server.
If i run the php script from the bash console( php connect.php ) it works perfectly and connects to the mysqld server.
However, if i run the script from apache ( http://localhost/connect.php ) it returns this: Can't connect to MySQL server on '(mysqld real ip)' (13)
Mysql connection from another server(old httpd server) works perfectly, so it's not from the database server.
Please advise.
Thanks
MySQL not working from apache
MySQL not working from apache
The (13) indicates EACCES (Permission denied). See if there's an audit message in /var/log/audit/audit.log that gives more information on why permission was denied.
Regards,
Steve
Regards,
Steve
Re: MySQL not working from apache
I see this:
[code]
type=AVC msg=audit(1243289718.439:11107): avc: denied { name_connect } for pid=9255 comm="httpd" dest=3306
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1243289718.439:11107): arch=c000003e syscall=42 success=no exit=-13 a0=c a1=7fff67042110 a2=10 a3=7fff670417e0 items=0
ppid=9247 pid=9255 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=9 comm="httpd"
exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)[/code]
Any ideea how to fix?
Thanks a lot
Bogdan
[code]
type=AVC msg=audit(1243289718.439:11107): avc: denied { name_connect } for pid=9255 comm="httpd" dest=3306
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1243289718.439:11107): arch=c000003e syscall=42 success=no exit=-13 a0=c a1=7fff67042110 a2=10 a3=7fff670417e0 items=0
ppid=9247 pid=9255 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=9 comm="httpd"
exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)[/code]
Any ideea how to fix?
Thanks a lot
Bogdan
Re: MySQL not working from apache
[quote]
w0d3n wrote:
Any ideea how to fix?[/quote]
I'm still kinda new to this SELinux permission stuff (just started studying it today). But based on an example in the semanage manpage, I'd try:
[quote]
semanage port -a -t httpd_port_t -p tcp 3306[/quote]
Your httpd's context (the scontext, or source context) is [i]root:system_r:httpd_t:s0[/i], so its type is [i]httpd_t[/i]. You want it to be able to open TCP Port 3306, the [i]mysqld[/i] port. The above command should open that up. If not, somebody more experienced than I will have to chime in... :-)
EDIT: initially I suggested [i]-t httpd_t[/i], which jives with the ensuing explanation. But when I did [i]semanage port -l[/i] to list all the existing port policies, I saw that they all used [i]something_port_t[/i] so I changed my mind. Then I hit [i]Submit[/i] without changing the explanation. If anyone has such an explanation, I'd love to hear it!
Regards,
Steve
w0d3n wrote:
Any ideea how to fix?[/quote]
I'm still kinda new to this SELinux permission stuff (just started studying it today). But based on an example in the semanage manpage, I'd try:
[quote]
semanage port -a -t httpd_port_t -p tcp 3306[/quote]
Your httpd's context (the scontext, or source context) is [i]root:system_r:httpd_t:s0[/i], so its type is [i]httpd_t[/i]. You want it to be able to open TCP Port 3306, the [i]mysqld[/i] port. The above command should open that up. If not, somebody more experienced than I will have to chime in... :-)
EDIT: initially I suggested [i]-t httpd_t[/i], which jives with the ensuing explanation. But when I did [i]semanage port -l[/i] to list all the existing port policies, I saw that they all used [i]something_port_t[/i] so I changed my mind. Then I hit [i]Submit[/i] without changing the explanation. If anyone has such an explanation, I'd love to hear it!
Regards,
Steve
Re: MySQL not working from apache
I've set SElinux into permisive mode and now seems to work.
Thank you a lot :D
Bogdan
Thank you a lot :D
Bogdan