From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12 Description of problem: A php script is setup to access mysql through 'localhost'. The database fails to open. The following log is given: Jan 2 12:08:18 voltaic kernel: audit(1104685698.767:0): avc: denied { connectto } for pid=16699 exe=/usr/sbin/httpd path=/var/lib/mysql/mysql.sock scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=unix_stream_socket Priviledges for /var/lib/mysql/mysql.sock are: srwxrwxrwx mysql mysql system_u:object_r:mysqld_var_run_t mysql.sock Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.30-2.58 How reproducible: Always Steps to Reproduce: 1. 2. 3. Expected Results: database should open via a socket file Additional info: httpd-2.0.52-3.1, php-4.3.10-3.2, php-mysql-4.3.10-3.2 Adding the following to /etc/selinux/targeted/src/policy/domains/misc/local.te ifdef(`mysqld.te', ` allow httpd_t unconfined_t:unix_stream_socket connectto; ') and reloading the policy allows this to work.
The problem here is that your mysql is labeled incorrectly. You need to relabel your system or at least the mysql rpm -q -l mysql mysql-server | restorecon -R -v -f -
That seems to have been it: [root@voltaic thraxisp]# rpm -q -l mysql mysql-server | /sbin/restorecon -R -v -f - /sbin/restorecon reset context /usr/libexec/mysqld->system_u:object_r:mysqld_exec_t /sbin/restorecon reset context /var/run/mysqld->system_u:object_r:mysqld_var_run_t /sbin/restorecon reset context /var/run/mysqld/mysqld.pid->system_u:object_r: mysqld_var_run_t It seems that you need to relabel mysql-server after bringing it up for the first time.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-251.html