On Saturday 08 April 2017 09:38:07 Adrian Klaver wrote: > On 04/08/2017 06:26 AM, John Iliffe wrote: > > On Saturday 08 April 2017 00:10:14 Adrian Klaver wrote: > >> On 04/07/2017 07:45 PM, Joe Conway wrote: > >>> On 04/07/2017 05:35 PM, Adrian Klaver wrote: > >>>> On 04/07/2017 05:03 PM, John Iliffe wrote: > >>>>>>> Running on Fedora 25 with SELinux in PERMISSIVE mode. The audit > >>>>>>> log shows no hits on Postgresql. > >>>>> > >>>>> My going in position was/still is, that this is a SELinux security > >>>>> problem > >>>>> but I am finding SELinux to be the most opaque and badly > >>>>> documented software > >>>>> that I have ever had to deal with, which is why it is running in > >>>>> permissive > >>>>> mode at the moment. > >>>> > >>>> Well what I know about SELinux would fit in the navel of a flea(tip > >>>> of the hat to David Niven), so I can not be of much help there. The > >>>> reason I am returned this thread to the list, there are folks that > >>>> do understand it. > >>> > >>> If SELinux is running in permissive I don't see how it could be at > >>> fault for your issue. Did you verify that (getenforce)? > >>> > >>>>> -------------------------- > >>>>> [Fri Apr 07 17:03:28.597101 2017] [php7:warn] [pid 1797:tid > >>>>> 140599445419776] [client 192.168.1.10:45127] PHP Warning: > >>>>> pg_connect(): Unable to connect to PostgreSQL server: could not > >>>>> connect to server: No such file or directory\n\tIs the server > >>>>> running locally and > >>>>> accepting\n\tconnections on Unix domain socket > >>>>> "/tmp/.s.PGSQL.5432"? in /httpd/iliffe/testfcgi.php on > >>>>> line 121 ---------------------------- > >>> > >>> This might be a silly question, but is PHP running on the same > >>> server as Postgres? > >> > >> To add to this, previously you mentioned: > >> > >> "Also, using the on board firewall (firewalld) to provide a secondary > >> domain where the actual business processes run. " > >> > >> What exactly does that mean? > > > > I'm trying/planning to use firewalld to keep certain remote addresses > > from connecting to the mail server. Since I have it anyway, I want > > to strengthen the security by moving non-Internet connections > > internal of that firewall so only Apache is exposed to the Internet > > and the databases, etc, are internal. > > > > This is a Unix domain socket connection so I don't think the firewall > > should get involved. > > So what if you change the connection to use -h localhost? Can you please expand on that request? I'm not sure where you want me to put that directive. I'm using the mod_php module in Apache. > > > Since you raised the question, I added port 5432 to the open list in > > firewalld but it didn't make any difference, still not connecting. > > > >>> HTH, > >>> > >>> Joe -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
