Apache Can't Use Remote MySQL Server When SELinux is Enabled

Posted on in System Administration

I don't know why SELinux problems seem so frustrating. The problem almost certainly is related to the fact that there is frequently no error message. This is exactly the problem I ran into while turning up a new Apache web server on Red Hat Enterprise Linux 6 (RHEL6) with SELinux enabled.


The cause is that SELinux prevents Apache from making outbound network connections by default. Connections to database servers are controlled by the SELinux boolean httpd_can_network_connect_db. To turn it on, issue the following command:

# setsebool -P httpd_can_network_connect_db true

The -P flag makes the change persistent: the value is written to the policy on disk, so the setting survives reboots.

For reference, here is a list of all httpd-related SELinux booleans and their default values in RHEL6:

# getsebool -a | egrep '^httpd'
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
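
Even when Apache shows no error, the denial is recorded by auditd in /var/log/audit/audit.log. The script below is an added example, not part of the original post: it picks httpd_t name_connect denials out of audit records and names the narrowest boolean from the list above that covers each one. The sample records are constructed, and the function names and the REVIEW marker are illustrative.

```shell
#!/bin/sh
# Added example: triage Apache outbound-connection denials from audit records.

# Constructed sample records in audit.log format (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1400000000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000001.202:502): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000002.303:503): avc:  denied  { read } for  pid=2200 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1400000003.404:504): avc:  denied  { name_connect } for  pid=3000 comm="sshd" dest=3306 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Reads audit records on stdin and prints one line per httpd_t name_connect
# denial: "<dest port> <port type> <suggested boolean or REVIEW>".
triage_httpd_connects() {
  awk '
    /avc: +denied/ && index($0, "{ name_connect }") && /scontext=[^ ]*:httpd_t:/ {
      port = "?"; ptype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) port = substr($i, 6)
        # tcontext is user:role:type:level; the type is the third field.
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ptype = c[3] }
      }
      # httpd_can_network_connect_db covers the MySQL and PostgreSQL port
      # types. Anything else is flagged for manual review instead of being
      # mapped to the broad httpd_can_network_connect. This mapping is an
      # assumption of the example; confirm on the host with audit2why.
      if (ptype == "mysqld_port_t" || ptype == "postgresql_port_t")
        hint = "httpd_can_network_connect_db"
      else
        hint = "REVIEW"
      print port, ptype, hint
    }'
}

# Demo on the constructed sample.
sample_audit_log | triage_httpd_connects
```

On a live system the same function can be fed from `ausearch -m avc -c httpd` instead of the sample.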
