You still need to add rules allowing httpd to talk to mysqld. Adding mysqld.te just created a separate domain for it (not sure about the log file problem). So you still need to add: allow httpd_t mysqld_var_run_t:sock_file rw_file_perms; can_unix_connect(httpd_t, mysqld_t) can_unix_send(httpd_t, mysqld_t) -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
