I've disabled SELinux protection of mysqld since it was causing major performance problems. This broke CGI scripts since httpd_script_t couldn't connect to the mysql unix domain socket. audit2allow created these rules which I put into local.te: allow httpd_sys_script_t var_t:dir getattr; allow httpd_sys_script_t initrc_t:unix_stream_socket connectto; allow httpd_t initrc_t:unix_stream_socket connectto; This fixed the problem. However, is mysqld supposed to be running as initrc_t instead of unconfined_t when mysqld_disable_trans is set? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
