I am trying to connect Nextcloud to Redis using a Unix socket, but SELinux is blocking this. I know SELinux is what is causing the problem because when I disable it (sudo setenforce 0) the issue goes away.
I have made the following changes to the Redis config file so it would just be a Unix socket and added the apache user to the redis group.
port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
sudo sed -i 's/port 6379/port 0/g' /etc/redis.conf
sudo sed -i 's/# unixsocket \/tmp\/redis.sock/unixsocket \/var\/run\/redis\/redis.sock/g' /etc/redis.conf
sudo sed -i 's/# unixsocketperm 700/unixsocketperm 770/g' /etc/redis.conf
sudo gpasswd -a apache redis
setsebool -P daemons_enable_cluster_mode 1
grep 'redis.sock' /var/log/audit/audit.log | audit2allow -M httpd-to-redis-socket
semodule -i httpd-to-redis-socket.pp
Below is the output of the audit.log:
sudo grep 'redis.sock' /var/log/audit/audit.log
type=AVC msg=audit(1631378344.102:91): avc: denied { write } for pid=971 comm="php-fpm" name="redis.sock" dev="tmpfs" ino=23011 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:redis_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1631378432.043:103): avc: denied { write } for pid=972 comm="php-fpm" name="redis.sock" dev="tmpfs" ino=23011 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:redis_var_run_t:s0 tclass=sock_file permissive=0
module httpd-to-redis-socket 1.0;

require {
	type httpd_t;
	type redis_var_run_t;
	class sock_file write;
}

#============= httpd_t ==============
allow httpd_t redis_var_run_t:sock_file write;
Thank you for your help
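As an added illustration (not part of the post above, and not the real audit2allow tool), here is a small Python reimplementation of what the `audit2allow -M` step in the post does: it parses the AVC denial records, groups the denied permissions by source type, target type and object class, and renders the minimal TE module so the exact rule being granted can be reviewed before `semodule -i`. The two sample audit lines are the ones quoted in the post; the function and module names are my own.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the post, used here as constructed sample input.
SAMPLE_AUDIT_LINES = [
    'type=AVC msg=audit(1631378344.102:91): avc: denied { write } for pid=971 comm="php-fpm" '
    'name="redis.sock" dev="tmpfs" ino=23011 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:redis_var_run_t:s0 tclass=sock_file permissive=0',
    'type=AVC msg=audit(1631378432.043:103): avc: denied { write } for pid=972 comm="php-fpm" '
    'name="redis.sock" dev="tmpfs" ino=23011 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:redis_var_run_t:s0 tclass=sock_file permissive=0',
]

# Fields we need from an AVC record: denied permissions, both contexts and the object class.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(ctx):
    """Return the type component of a user:role:type:level context string."""
    return ctx.split(':')[2]

def parse_avc(lines):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m:  # non-AVC lines (e.g. SYSCALL records) are skipped
            key = (context_type(m['scontext']), context_type(m['tcontext']), m['tclass'])
            denials[key].update(m['perms'].split())
    return dict(denials)

def fmt_perms(perms):
    """Single permission bare, several in braces, matching audit2allow's style."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'

def build_module(name, denials, version='1.0'):
    """Render a TE policy module with a require block and one allow rule per key."""
    types, classes = set(), defaultdict(set)
    for (src, tgt, cls), perms in denials.items():
        types.update((src, tgt))
        classes[cls].update(perms)
    out = [f'module {name} {version};', '', 'require {']
    out += [f'\ttype {t};' for t in sorted(types)]
    out += [f'\tclass {c} {fmt_perms(p)};' for c, p in sorted(classes.items())]
    out += ['}', '']
    out += [f'allow {s} {t}:{c} {fmt_perms(p)};' for (s, t, c), p in sorted(denials.items())]
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    print(build_module('httpd-to-redis-socket', parse_avc(SAMPLE_AUDIT_LINES)))
```

Reading the rendered rule confirms the module grants only `write` on `sock_file` objects labelled `redis_var_run_t` to `httpd_t`, which is as narrow as the denials require.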