Bug 187990 - avc denied messages when using the php-pgsql package
avc denied messages when using the php-pgsql package
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Depends On:
  Show dependency treegraph
Reported: 2006-04-05 02:38 EDT by Ben
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-04-07 06:06:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ben 2006-04-05 02:38:39 EDT
Targeted policy appears to not support the php-pgsql package, as indicated by
the following AVC message generated any time a php page with a postgres
connection is served up:

kernel: audit(1144219249.530:10): avc:  denied  { name_connect } for  pid=3474
comm="httpd" dest=5432 scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
Comment 1 Daniel Walsh 2006-04-05 08:45:03 EDT
setsebool -P httpd_can_network_connect_db=1

You need to turn on the httpd database boolean.  

Comment 2 Ben 2006-04-05 20:51:52 EDT
excellent, thank you.

This would seem to be a bug against php-pgsql, then? I'm reassigning it to php
for lack of a php-pgsql component.
Comment 3 Joe Orton 2006-04-07 06:06:57 EDT
When you reassign a bug you need to check the "Reassign bug to owner and QA
contact of selected component" link otherwise it gets lost in limbo.

But no: this is desired default behaviour; you have to specifically enable the
boolean as Dan explained.

Note You need to log in before you can comment on or make changes to this bug.