Re: SELinux dropping PHP Connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2010/4/12 Marti, Robert <RJM002@xxxxxxxx>:
> It opened the port as far as SELinux is concerned.  Is the port firewalled off to localhost?
>
the port is not firewalled (not at the box level for sure), iptable shows:
/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and secondly I can (logged as Apache [given it a shell]) source the
URL I want to opend without any problem.

I did finally put SELinux completely off (/usr/sbin/setenforce 0) but
I should consider the last option to just allow HTTPD to connect.


> Rob Marti
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Johan Dindaine
> Sent: Monday, April 12, 2010 8:24 AM
> To: General Red Hat Linux discussion list
> Subject: Re: SELinux dropping PHP Connection
>
> not in message but in /var/log/audit/audit.log
> type=AVC msg=audit(1271075175.712:264486): avc:  denied  {
> name_connect } for  pid=31420 comm="httpd" dest=15000
> scontext=user_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>
> I did run this command that has solved the problem:
> /usr/sbin/semanage port -a -t http_port_t -p tcp 15000
>
> but now I receive another error:
> Warning: file_get_contents(http://localhost:15000/...)
> [function.file-get-contents]: failed to open stream: Connection
> refused
>
> The previous command should have opened port 15000 so how the
> connection can be dropped now?
>
> 2010/4/12 Marti, Robert <RJM002@xxxxxxxx>:
>> Anything showing up in /var/log/messages?
>>
>> Sent from my iPhone
>>
>> On Apr 12, 2010, at 7:48, "Johan Dindaine" <jojolapin972@xxxxxxxxx>
>> wrote:
>>
>>> Good morning the list,
>>>
>>> I am managing a Red Hat server which has got a standar LAMP
>>> environment (PHP 5.3 + MYSQL 5.1 + Apache 2.2.3).
>>> When I am trying to parse files that are external to my network or out
>>> of my virtual host I got this weird error message:
>>> Warning: file_get_contents(http://localhost:15000/solr...)
>>> [function.file-get-contents]: failed to open stream: Permission denied
>>> I suspect that SELinux is dropping the connection as I haven't set up
>>> any limitation at PHP level (safe_mode is Off and allow_url_fopen is
>>> ON).
>>> My question is how can I modify this setting to allow my script to
>>> call this external URL?
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux