SELinux: Letting Apache talk to MySQL on CentOS

mysql apache-2.2 centos selinux

UPDATE 2

type=AVC msg=audit(1318863312.959:435): avc: denied { connectto } for pid=12472 comm="httpd" path="/opt/chroot/mysql/var/lib/mysql/mysql.sock" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

You can build the custom SELinux policy module by following steps:

# grep httpd_t audit.log | audit2allow -m httpd > httpd.te
# checkmodule -M -m -o httpd.mod httpd.te
# semodule_package -m httpd.mod -o httpd.pp 
# semodule -i httpd.pp

Refer to this topic for more details.

UPDATE

  1. Run semanage command to add a context mapping for /opt/chroot/mysql/var/lib/mysql/:

    # semanage fcontext -a -t mysqld_db_t "/opt/chroot/mysql/var/lib/mysql(/.*)?"

  2. And use restorecon command to apply this context mapping:

    # restorecon -Rv /opt/chroot/mysql/var/lib/mysql

If you are connecting via TCP/IP, try this:

# setsebool -P httpd_can_network_connect 1

Related

Percona-server time out on /etc/init.d/mysql start
Windows Server 2008 R2: User account set to not show on login
Redirect all non-www subdomains to main www domain with Apache2
Recover mysql database - mysql/mysqldump gives "table <database>.<tablename> doesn't exist (1146)"
What is a good cost effective IT asset management solution?
Can I "register" python scripts to execute on Windows?
Dovecot Migration and old mails
How do I delete ESXi vm snapshots using the least additional space possible?
Apache Failover and Load Balancing
What is Best NAS solution for windows workgroup? freenas or openfiler
How do you set password-hash for OpenLDAP?
How to set ulimits in Solaris 10