Hi Joe, Dan and Steven,

I'm not sure if this is a php, selinux or audit issue, so please forgive me that I addressed it to you all. Possibly, it may be an upgrade issue, so please forward this to whom it may concern.

Thank you,
Jirka Pech

Description of problem:
I have this simple php script on my FC4 box (upgraded from FC3):

<?php
$fp = fopen("http://hq.cz", "r");
if (! $fp) die('error');
fclose($fp);
?>

which fails with:

Warning: fopen(http://hq.cz) [function.fopen]: failed to open stream: Permission denied in /.. path removed ../test.php on line 2

Version-Release number of selected component (if applicable):
audit-libs-0.9.19-2.FC4
audit-0.9.19-2.FC4
selinux-policy-targeted-1.25.3-6 (tried also with 1.25.3-8)
libselinux-1.23.10-2
php-5.0.4-10.3
php-imap-5.0.4-10.3
php-mbstring-5.0.4-10.3
php-devel-5.0.4-10.3
php-pear-5.0.4-10.3
php-ldap-5.0.4-10.3
php-mysql-5.0.4-10.3
php-xmlrpc-5.0.4-10.3
php-gd-5.0.4-10.3
php-soap-5.0.4-10.3

How reproducible:
Always.

Steps to Reproduce:
1. Install FC3 and upgrade to FC4.
2. Run example script.

Actual results:
- fopen call fails with a warning and there is no message in the audit log concerning that, even if the URL opening has been refused by the SELinux targeted policy

Expected results:
- fopen should open the URL without any problem

Additional info:
- there is a strange message in the audit log (please focus on line 4 of the attachment) when trying to restart the audit daemon,
- allow_url_fopen is enabled in php.ini

Everything works fine when:
- setenforce 0 is called,
- setenforce 1 is called but the script is called from the command line using php -q test.php
Created attachment 117311: Audit log
Please try "setsebool httpd_can_network_connect=1" (with -P to make the change permanent).
Thank you, Joe. It works, but it does not solve the problem with unrecognized netlink message. Do you have any clue what it means? Should I report it as a separate auditd bug? Jirka Pech
If you are running the latest updates, then yes please.
The unrecognized netlink message is covered by bz #163500, #155480, and #163175. So... it's well documented.