Thursday, June 12, 2008

Apache httpd & SELinux


I'll admit straight away here that SELinux was news to me 6 months ago when I installed CentOS 5 (RHEL 5 equivalent) for the first time. Since then I've found out a little, mainly because I had to.

SELinux lurks like a rake in the grass and whangs you on the noggin just when you're 100% sure you know what you're doing.

For example, SELinux was the culprit when a pretty simple Perl DBI script wasn't allowed to connect to a remote database when run as a CGI script, but the same script worked fine as a shell script. And the error was no more than an unhelpful and inscrutable "Can't create TCP/IP socket (13)".

It's been a real pain, so here are two things you may wish to read...

When pain strikes, reach for: How to Disable SELinux. Turning it off is a sure-fire way to find out if it really is an SELinux problem.

Then, when you want to turn it back on again, read this: Apache and SELinux, to find out how to configure it to allow httpd to do some things without opening the door to everything.
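
To illustrate "allow httpd to do some things without opening the door to everything", here is an added example (not code from this post or from the linked articles) that reads AVC denials from the audit log and suggests the narrowest SELinux boolean for each httpd denial. The log lines are constructed, and the boolean and type names are assumed from the Red Hat targeted policy, so confirm them with `getsebool -a` on your release.

```python
import re

# Constructed audit.log lines for illustration; not taken from the post.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1213268400.101:41): avc:  denied  { name_connect } for  pid=2345 comm="perl" dest=3306 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1213268401.202:42): avc:  denied  { read } for  pid=2350 comm="httpd" name="index.html" scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1213268402.303:43): avc:  denied  { name_connect } for  pid=2360 comm="perl" dest=8080 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
"""

# Matches the denied permission set, source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<src>\S+) tcontext=(?P<tgt>\S+) tclass=(?P<cls>\S+)"
)

# Assumed mappings; confirm the names with `getsebool -a` on your release.
DB_PORT_TYPES = {"mysqld_port_t", "postgresql_port_t"}
FS_BOOLEANS = {"nfs_t": "httpd_use_nfs", "cifs_t": "httpd_use_cifs"}

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def suggest_boolean(line):
    """Return the narrowest boolean for an httpd AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m or not selinux_type(m["src"]).startswith("httpd_"):
        return None  # not an AVC denial, or not an httpd domain
    target = selinux_type(m["tgt"])
    if m["cls"] == "tcp_socket" and "name_connect" in m["perms"].split():
        if target in DB_PORT_TYPES:
            return "httpd_can_network_connect_db"  # database ports only
        return "httpd_can_network_connect"  # any outbound TCP: much broader
    if m["cls"] in ("file", "dir"):
        return FS_BOOLEANS.get(target)  # content served from NFS/CIFS
    return None

def triage(log_text):
    """Collect the distinct booleans suggested by a block of audit log text."""
    found = []
    for line in log_text.splitlines():
        boolean = suggest_boolean(line)
        if boolean and boolean not in found:
            found.append(boolean)
    return found

if __name__ == "__main__":
    for boolean in triage(SAMPLE_AUDIT_LOG):
        print(f"setsebool -P {boolean} on")
```

On a real host, pass the contents of `/var/log/audit/audit.log` to `triage()` and check each boolean's current state with `getsebool` before changing it.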


Comments:

Nick said...

Thanks so much for this insight, I was having a major headache getting apache serving content from my NAS and a quick shut down of SELinux at least told me it wasn't my apache conf or my symlinks!


Danny Angus Copyright © 2006-2013 (OMG that's seven years of this nonsense)