Apache Can't Use Remote MySQL Server When SELinux is Enabled

Posted on in System Administration

cover image for article

I don't know why SELinux problems seem so frustrating. The problem almost certainly is related to the fact that there is frequently no error message. This is exactly the problem I ran into while turning up a new Apache web server on Red Hat Enterprise Linux 6 (RHEL6) with SELinux enabled.

The problem is that SELinux prevents Apache from making network connections by default. This is defined by the SELinux boolean httpd_can_network_connect_db. In order to change this value, issue the following command:

setsebool -P httpd_can_network_connect_db true

The -P indicates the command is persistent and that the setting should survive reboots.

For reference, here is a list of all httpd-related SELinux booleans and their default values in RHEL6:

# getsebool -a | egrep '^httpd'
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off

My Bookshelf

Reading Now

Other Stuff