SELinux: Letting Apache talk to MySQL on CentOS
UPDATE 2
type=AVC msg=audit(1318863312.959:435): avc: denied { connectto } for pid=12472 comm="httpd" path="/opt/chroot/mysql/var/lib/mysql/mysql.sock" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
You can build a custom SELinux policy module with the following steps:
# grep httpd_t audit.log | audit2allow -m httpd > httpd.te
# checkmodule -M -m -o httpd.mod httpd.te
# semodule_package -m httpd.mod -o httpd.pp
# semodule -i httpd.pp
Refer to this topic for more details.
UPDATE
- Run the semanage command to add a context mapping for /opt/chroot/mysql/var/lib/mysql/:
# semanage fcontext -a -t mysqld_db_t "/opt/chroot/mysql/var/lib/mysql(/.*)?"
- And use the restorecon command to apply this context mapping:
# restorecon -Rv /opt/chroot/mysql/var/lib/mysql
If you are connecting via TCP/IP, try this:
# setsebool -P httpd_can_network_connect 1
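Before loading a module generated by audit2allow, it helps to read what the denial will be turned into. The following is an added example, not part of the original answer: it parses the AVC record quoted under UPDATE 2, prints the equivalent allow rule, and flags an over-broad target domain. The function names are hypothetical helpers written for this illustration.

```python
import re

# The denial quoted in the answer above, copied verbatim.
AVC = ('type=AVC msg=audit(1318863312.959:435): avc: denied { connectto } for '
       'pid=12472 comm="httpd" path="/opt/chroot/mysql/var/lib/mysql/mysql.sock" '
       'scontext=unconfined_u:system_r:httpd_t:s0 '
       'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tclass=unix_stream_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may itself contain colons,
    # so split at most three times and take the third field.
    for key in ('scontext', 'tcontext'):
        fields[key + '_type'] = fields[key].split(':', 3)[2]
    return fields

def allow_rule(avc):
    """Build the type-enforcement rule that would permit this denial."""
    perms = avc['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['scontext_type']} {avc['tcontext_type']}:{avc['tclass']} {p};"

def review(avc):
    """Return reviewer notes about how wide the resulting rule is."""
    notes = []
    if avc['tcontext_type'] == 'unconfined_t':
        # For connectto the target context is that of the listening process,
        # so the rule covers sockets of every unconfined process, not just mysqld.
        notes.append(f"{avc['scontext_type']} would be allowed to "
                     f"{'/'.join(avc['perms'])} any unconfined_t {avc['tclass']}; "
                     "the listener is running unconfined")
    return notes

if __name__ == '__main__':
    record = parse_avc(AVC)
    print(allow_rule(record))
    for note in review(record):
        print('NOTE:', note)
```

The same check can be run over the `httpd.te` file produced in the first step by reading its `allow` lines before `semodule -i`.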