Wednesday, April 8, 2015

Configuring SELinux to Allow HTTPD Scripts and Modules to Establish TCP Connections

In a PHP script that establishes a database connection to a PostgreSQL database via a TCP socket, I encountered an SELinux denial. The message in the error log is:


SELinux is preventing /usr/sbin/httpd from name_connect access on the tcp_socket.


A quick fix is to allow HTTPD scripts and modules to connect to the network using TCP, i.e., run the following:


sudo setsebool -P httpd_can_network_connect 1

By the way, the relevant system information is as follows:

  • Operating System (output of uname -sr): Linux 3.12.9-201.fc19.x86_64
  • SELinux Policy Module: selinux-policy.noarch, version 3.12.1-74.17.fc19
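
The httpd_can_network_connect boolean set above lets httpd connect to any TCP port. As an added example (not part of the original post), the script below reads a name_connect denial and picks the narrower httpd_can_network_connect_db boolean when the target is a database port; the audit record is constructed and the function name suggest_httpd_boolean is hypothetical.

```shell
#!/bin/sh
# Constructed sample AVC record in audit.log format (not from the original post).
SAMPLE_AVC='type=AVC msg=audit(1428480000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket'

# suggest_httpd_boolean (hypothetical helper): print the narrowest boolean
# that covers an httpd_t name_connect denial, chosen from the port type in
# tcontext. Returns 1 and prints nothing for any other kind of record.
suggest_httpd_boolean() {
    line=$1
    case $line in
        *denied*name_connect*scontext=*:httpd_t:*tclass=tcp_socket*) ;;
        *) return 1 ;;
    esac
    # The SELinux type is the third colon-separated field of the target context.
    ttype=$(printf '%s\n' "$line" |
        sed -n 's/.* tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
    case $ttype in
        # Database ports: the database-only boolean is enough.
        postgresql_port_t|mysqld_port_t) echo httpd_can_network_connect_db ;;
        # Anything else falls back to the broad boolean used in the post.
        *) echo httpd_can_network_connect ;;
    esac
}

# Show the command to review and run for the sample denial.
if bool=$(suggest_httpd_boolean "$SAMPLE_AVC"); then
    echo "sudo setsebool -P $bool 1"
fi
```

On a live system, feed it lines from `ausearch -m avc -c httpd` instead of the sample, and confirm the current state with `getsebool` before changing anything.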
