Topic: php82-php-mysqlnd and SELinux
Hi forum,
Under CentOS7 my app using PHP 7.4 works fine.
But under Rocky9 using PHP 8.2 the database connection fails.
It looks like SELinux is blocking the connection:
==> /var/log/audit/audit.log <==
type=AVC msg=audit(1675070878.877:25226): avc: denied { connectto } for pid=804260 comm="php-fpm" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0
type=SYSCALL msg=audit(1675070878.877:25226): arch=c000003e syscall=42 success=no exit=-13 a0=8 a1=7ffeeea1b190 a2=1b a3=55c6c8884b00 items=0 ppid=788377 pid=804260 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="php-fpm" exe="/opt/remi/php82/root/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
audit2why says that a rule is missing:
type=AVC msg=audit(1675071410.210:25295): avc: denied { connectto } for pid=788378 comm="php-fpm" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=1
Was caused by:
Missing type enforcement (TE) allow rule
The app is calling MariaDB via the local socket.