Red Hat Bugzilla – Bug 164700
fopen refuses to open URL when selinux enforced
Last modified: 2007-11-30 17:11:10 EST
Hi Joe, Dan and Steven,
I'm not sure if this is the php, selinux or audit issue, so please forgive me
that I addressed it to you all. Possibly, it may be an upgrade issue, so please
forward this to whom it may concern.
Description of problem:
I have this simple php script on my FC4 box (upgraded from FC3):
$fp = fopen("http://hq.cz", "r");
if (! $fp) die('error');
which fails with:
Warning: fopen(http://hq.cz) [function.fopen]: failed to open stream: Permission
denied in /.. path removed ../test.php on line 2
Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-6 (tried also with 1.25.3-8)
Steps to Reproduce:
1. Install FC3 and upgrade to FC4.
2. Run example script.
- fopen call fails with warning and there is no message in audit log concerning
that, even if the URL opening has been refused by SELinux targetted policy
- fopen should open the URL without any problem
- there is a strange message in audit log (please focus on line 4 of the
attachment) when trying to restart audit daemon,
- allow_url_fopen is enabled in php.ini
Everything works fine when:
- setenforce 0 is called,
- setenforce 1 is called but the script is called from the command line using
php -q test.php
Created attachment 117311 [details]
Please try "setsebool httpd_can_network_connect=1" (with -P to make the change
Thank you, Joe. It works, but it does not solve the problem with unrecognized
netlink message. Do you have any clue what it means? Should I report it as a
separate auditd bug?
If you are running the latest updates, then yes please.
The unrecognized netlink message is covered by bz #163500, #155480, and #163175.
So...its well documented.