The selinux boolean httpd_can_network_connect_db permits httpd to connect to MySQL and Postgre servers, but not MSSQL, making PHP+MSSQL something of a pain -- one can either hack around the problem by semanage'ing mysql_t to include the MSSQL port, or use the catch-all httpd_can_network_connect. Either the network_connect_db flag should permit MSSQL connections too, or it should be split into can_network_connect_mysql, _postgre, _mssql, _oracle, etc which is at least clearer than "db" which suggests you've caught all common database types. Reporting here on the advice of CentOS admins, having initially reported at http://bugs.centos.org/view.php?id=4226
Seems reasonable. Miroslav add network_port(mssql, tcp,1433,s0, tcp,1434,s0, udp,1433,s0, udp,1434,s0) And tunable_policy(`httpd_can_network_connect_db',` ... corenet_tcp_connect_mssql_port(httpd_t) corenet_sendrecv_mssql_client_packets(httpd_t) corenet_tcp_connect_mssql_port(httpd_sys_script_t) corenet_sendrecv_mssql_client_packets(httpd_sys_script_t) corenet_tcp_connect_mssql_port(httpd_suexec_t) corenet_sendrecv_mssql_client_packets(httpd_suexec_t) to apache.te
Fixed in selinux-policy-2.4.6-281.el5.noarch
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, the "httpd_can_network_connect_db" boolean did not allow the httpd service to connect to Microsoft SQL Server (MSSQL). This error has been fixed, the boolean has been modified, and the relevant policy code has been added to define mssql port.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0026.html