Red Hat Bugzilla – Bug 570481
SELinux policy should include a Boolean for MSSQL
Last modified: 2012-10-16 07:07:10 EDT
The selinux boolean httpd_can_network_connect_db permits httpd to connect to MySQL and Postgre servers, but not MSSQL, making PHP+MSSQL something of a pain -- one can either hack around the problem by semanage'ing mysql_t to include the MSSQL port, or use the catch-all httpd_can_network_connect.
Either the network_connect_db flag should permit MSSQL connections too, or it should be split into can_network_connect_mysql, _postgre, _mssql, _oracle, etc which is at least clearer than "db" which suggests you've caught all common database types.
Reporting here on the advice of CentOS admins, having initially reported at http://bugs.centos.org/view.php?id=4226
network_port(mssql, tcp,1433,s0, tcp,1434,s0, udp,1433,s0, udp,1434,s0)
Fixed in selinux-policy-2.4.6-281.el5.noarch
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Previously, the "httpd_can_network_connect_db" boolean did not allow the httpd service to connect to Microsoft SQL Server (MSSQL). This error has been fixed, the boolean has been modified, and the relevant policy code has been added to define mssql port.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.