SELinux is preventing /usr/sbin/httpd from connectto access on the unix_stream_socket /var/lib/mysql/mysql.sock.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that httpd should be allowed connectto access on the mysql.sock unix_stream_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep /usr/sbin/httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context unconfined_u:system_r:httpd_t:s0
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Objects /var/lib/mysql/mysql.sock [ unix_stream_socket ]
Source /usr/sbin/httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host hexenmeister
Source RPM Packages httpd-2.2.21-1.fc16
Target RPM Packages
Policy RPM selinux-policy-3.10.0-46.fc16
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name hexenmeister
Platform Linux hexenmeister 3.1.0-7.fc16.x86_64 #1 SMP Tue
Nov 1 21:10:48 UTC 2011 x86_64 x86_64
Alert Count 13
First Seen Mon 26 Dec 2011 09:13:51 AM CST
Last Seen Tue 24 Jan 2012 07:45:05 PM CST
Local ID 13679772-cd1a-4414-8fe0-17db5c12c0f9
Raw Audit Messages
type=AVC msg=audit(1327455905.131:121): avc: denied { connectto } for pid=6215 comm="/usr/sbin/httpd" path="/var/lib/mysql/mysql.sock" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1327455905.131:121): arch=x86_64 syscall=connect success=no exit=EACCES a0=10 a1=7fffbec545a0 a2=6e a3=0 items=0 ppid=6211 pid=6215 auid=1000 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm=/usr/sbin/httpd exe=/usr/sbin/httpd subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Hash: /usr/sbin/httpd,httpd_t,unconfined_t,unix_stream_socket,connectto
audit2allow
#============= httpd_t ==============
allow httpd_t unconfined_t:unix_stream_socket connectto;
audit2allow -R
#============= httpd_t ==============
allow httpd_t unconfined_t:unix_stream_socket connectto;
So I guess it has blocked the access, I tried a command to allow access that posted another user on my thread, but didn't work... How can I unlock it? I've never used SELinux...
Thanks for your help!
On Mon, Jan 23, 2012 at 1:04 PM, bruce <badouglas@xxxxxxxxx> wrote:
are you running selinux?On Mon, Jan 23, 2012 at 1:05 PM, Fedora Linux <fedoralinux@xxxxxxxxxxxxxxxxx> wrote:
HelloBy command line I am able to connect normally, so the problem is not MySQL... I use "mysql -u root -h localhost -p" and it works... Note that the application also uses root since it must create the database and a user for the application...I have tried to restart MySQL and the whole system, but it still does not connect from PHPThe error is:[error] [client ::1] PHP Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) in /var/www/html/install2.php on line 22, referer: http://localhost/install.phpSo I guess the problem is in the PHP, Apache or on the interface between MySQL and Apache/PHP...Any other suggestion?Regards
On Sun, Jan 22, 2012 at 12:04 PM, bruce <badouglas@xxxxxxxxx> wrote:hi...
ok.. basic debug stuff.. skip if you've already done..
-using the user/passwd.. can you access mysql from the cmdline..
[i assume you can]
-what are the permissions on the mysql db/tbls? have they changed?
--did you stop/restart mysql?
-what do the mysql logs say?
let us know..On Sun, Jan 22, 2012 at 12:28 PM, Mike Wright <mike.wright@xxxxxxxxxxxxxx> wrote:
On 01/22/2012 07:02 AM, Fedora Linux wrote:
Hello
I have a web application but it is not working on my Fedora 16 with PHP,
for some reason it is unable to connect to the MySQL server, it returns
the error:
[Sun Jan 22 08:40:24 2012] [error] [client ::1] PHP Warning:
mysql_connect(): Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (13) in /var/www/html/install2.php on line
22, referer: http://localhost/install.php
Notice that the user/password is correct, the PHP is installed and
working and MySQL is up and running...
Even the socket is there
# ls -l /var/lib/mysql/mysql.sock
srwxrwxrwx. 1 mysql mysql 0 Jan 22 08:37 /var/lib/mysql/mysql.sock
What can be the problem? The application is okay, I am using it in a
production server and it is running in 2 other local computers (with
slackware) for testing purposes...
This is the first time that I can't connect to MySQL via PHP... I don't
know if it requires an extra configuration or there is a missing package
that I should install... the httpd log does not give more details...
Thanks for any help!
Do you have port 3306 open on your firewall?
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
