Last Updated: February 25, 2016 · geetotes

SELinux, spawn of Satan

For the second time in 24 hours, I've had an unusual problem caused by the restrictions that SELinux puts on a system. This time, it was the relatively simple matter of having an Apache server talk to an external database.

While I could connect to the database fine from the command line, when trying to run a PHP script to connect, I would receive a permission denied error asking me to check if the TCP port was open.

Turns out SELinux, in its eternal hyper-vigilance, was preventing httpd from connecting to an outside server. Using the setsebool function (as root, of course), I was able to remedy this:

setsebool -P httpd_can_network_connect 1

You can check out all the other crazy things SELinux is restricting with:

getsebool -a

When changing one of the SEbools, I strongly recommend running tail -F on /var/log/messages so you can follow what's going on (as the process tends to take a long time and makes me nervous).
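
An added example, not part of the original post: a shell function that reads SELinux AVC denial lines (in the form they take in /var/log/messages or the audit log) and reports, for each outbound connection httpd was denied, whether the narrower httpd_can_network_connect_db boolean would cover it instead of httpd_can_network_connect. The function names, the sample log lines and the port-type mapping are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads SELinux AVC lines on stdin and
# prints "dest-port port-type boolean" once per distinct httpd connect denial.
suggest_httpd_booleans() {
    awk '
    /avc:/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
        port = "?"; ptype = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/) port = substr($i, 6)
            if ($i ~ /^tcontext=/) { split($i, ctx, ":"); ptype = ctx[3] }
        }
        # Assumed mapping: database port types are covered by the narrower
        # httpd_can_network_connect_db; anything else needs the broad boolean.
        if (ptype ~ /^(mysqld|postgresql)_port_t$/) bool = "httpd_can_network_connect_db"
        else bool = "httpd_can_network_connect"
        key = port " " ptype " " bool
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample log lines (hosts, pids, timestamps and ports are made up).
# Includes a duplicate, a non-httpd denial, a file denial and a kernel-log line.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1456400000.101:501): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1456400001.102:502): avc:  denied  { name_connect } for  pid=2346 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1456400002.103:503): avc:  denied  { name_connect } for  pid=2347 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1456400003.104:504): avc:  denied  { name_connect } for  pid=901 comm="sshd" dest=3306 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1456400004.105:505): avc:  denied  { read } for  pid=2348 comm="httpd" name="config.php" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Feb 25 10:00:05 web1 kernel: type=1400 audit(1456400005.106:506): avc:  denied  { name_connect } for  pid=2349 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
EOF
}

# Stand-alone run over the constructed sample.
sample_audit_log | suggest_httpd_booleans
```

On a real host, feed it the log instead of the sample, for instance `suggest_httpd_booleans < /var/log/messages`, and enable only the boolean it reports with setsebool -P.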