SELinux is preventing /usr/sbin/httpd from name_connect access on the tcp_socket .
***** Plugin catchall_boolean (47.5 confidence) suggests *******************
If you want to allow httpd to can network connect
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_can_network_connect 1
***** Plugin catchall_boolean (47.5 confidence) suggests *******************
If you want to allow httpd to can network connect db
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect_db' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_can_network_connect_db 1
***** Plugin catchall (6.38 confidence) suggests ***************************
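If you believe that httpd should be allowed name_connect access on the tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp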
Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:mysqld_port_t:s0
Target Objects                [ tcp_socket ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          3306
Host                          localhost.localdomain
Source RPM Packages           httpd-2.4.6-2.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-74.15.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.11.10-200.fc19.x86_64 #1 SMP Mon Dec 2 20:28:03 UTC 2013 x86_64 x86_64
Alert Count                   6
First Seen                    2013-12-18 23:14:51 CST
Last Seen                     2013-12-19 00:12:19 CST
Local ID                      f9df0c49-b6e4-4c78-8a14-271b6c0ca568
Raw Audit Messages
type=AVC msg=audit(1387383139.610:475): avc: denied { name_connect } for pid=1477 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

type=SYSCALL msg=audit(1387383139.610:475): arch=x86_64 syscall=connect success=no exit=EACCES a0=b a1=7f3297136c10 a2=10 a3=3 items=0 ppid=885 pid=1477 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 ses=4294967295 tty=(none) comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,mysqld_port_t,tcp_socket,name_connect