Thursday, October 11, 2007

SELinux, Apache, phpMyAdmin, and a Remote MySQL Server

Today I ran into a little problem with phpMyAdmin talking to a remote MySQL server on a CentOS 5 machine. When I would try to connect to the server it would say that the host could not be reached. However, if I used the mysql cli I was able to connect. It turns out that the SELinux policy was prohibiting me from accomplishing this.

To fix this problem you need to modify the policy with the following command.
setsebool -P httpd_can_network_connect=1

This change is instant and persistent, so it will survive a reboot.

3 comments:

  1. Now if only I had found this post about four hours ago... I have just stumbled my way through this very problem and figured it out myself, sort of. I noticed that my PHP would connect to a MySQL server when I invoked the script from the command line, but not from a browser. Ah HA! Could selinux be stopping Apache from... ? So you 'tail /var/log/messages' and it tells you:

    For complete SELinux messages. run sealert -l c88fab62-2227-485a-b775-9c1a18b82fba

    which in turn tells you to setsebool.

    c88fab62-2227-485a-b775-9c1a18b82fba, mind you. Common sense, right?

    ReplyDelete
  2. Thanks man. The problem is even more tricky if you have lighttpd as web server. Could not find anything to solve this issue. This would worth a note on phpmyadmin site too.

    ReplyDelete