Aleksey Tsalolikhin
2008-Nov-04 22:43 UTC
[CentOS] How to get Bugzilla working on CentOS 5.2 with SELinux turned on?
Hi.

Has anyone figured out how to get Bugzilla working on CentOS 5.2 WITHOUT TURNING OFF SELINUX?

I've run

    chcon -R --reference=/var/www/html /path/to/bugzilla

and added the following module (generated by audit2allow), but am still getting errors in my Web browser trying to use Bugzilla:

Software error:
Can't connect to the database.
Error: could not connect to server: Permission denied
  Is the server running on host "localhost" and accepting
  TCP/IP connections on port 5432?
  Is your database installed and up and running?
  Do you have the correct username and password selected in localconfig?

And there is an AVC denial as well:

type=AVC msg=audit(1225832104.970:405): avc: denied { connect } for pid=30831 comm="index.cgi" scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=tcp_socket

Here is the module I added:

module local 1.0;

require {
        type httpd_sys_script_t;
        class tcp_socket setopt;
}

#============= httpd_sys_script_t =============
allow httpd_sys_script_t self:tcp_socket setopt;
[root at hwd-ddc-app-prod01 selinux]#

I've tried running the AVC denial message through audit2allow again, but it just produced the same module that I already have loaded.

Any suggestions?

Thanks,
Aleksey

--
Aleksey Tsalolikhin
UNIX System Administrator
"I get stuff done!"
http://www.lifesurvives.com/
Filipe Brandenburger
2008-Nov-04 23:47 UTC
[CentOS] How to get Bugzilla working on CentOS 5.2 with SELinux turned on?
Hi,

On Tue, Nov 4, 2008 at 17:43, Aleksey Tsalolikhin <atsaloli.tech at gmail.com> wrote:
> Software error:
> Can't connect to the database.
> Error: could not connect to server: Permission denied
> Is the server running on host "localhost" and accepting
> TCP/IP connections on port 5432?
> Is your database installed and up and running?
> Do you have the correct username and password selected in localconfig?

You seem to be having problems connecting to the db. Try this:

# setsebool -P httpd_can_network_connect_db 1

(The command above will make the setting permanent.)

I verified that Bugzilla also tries to check its website for updates, so for that to work you will also need:

# setsebool -P httpd_can_network_connect 1

HTH,
Filipe
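
Added example, not part of either message in this thread: a short Python check that compares the AVC record with the plain allow rules in the loaded module (both copied from the first message) and reports which denied permissions the module leaves uncovered. The function names are this example's own, and it reads only literal allow rules in the module text; it does not model booleans, attributes or the base policy.

```python
import re

# AVC record and local module copied from the first message in the thread.
AVC = ('type=AVC msg=audit(1225832104.970:405): avc: denied { connect } for '
       'pid=30831 comm="index.cgi" '
       'scontext=user_u:system_r:httpd_sys_script_t:s0 '
       'tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=tcp_socket')

MODULE_TE = """
module local 1.0;
require {
        type httpd_sys_script_t;
        class tcp_socket setopt;
}
#============= httpd_sys_script_t =============
allow httpd_sys_script_t self:tcp_socket setopt;
"""

def parse_avc(line):
    """Return (source_type, target_type, class, set_of_perms) for a denial."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+'
                  r'tcontext=(\S+)\s+tclass=(\S+)', line)
    if not m:
        raise ValueError("not an AVC denial record")
    perms, scon, tcon, tclass = m.groups()
    # A context is user:role:type[:level]; the type is the third field.
    return scon.split(':')[2], tcon.split(':')[2], tclass, set(perms.split())

def allowed_perms(te_text, source, target, tclass):
    """Collect perms that plain allow rules in te_text grant for the triple."""
    granted = set()
    rule = re.compile(
        r'^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+?)\s*;', re.M)
    for src, tgt, cls, perms in rule.findall(te_text):
        if tgt == 'self':          # "self" means target type == source type
            tgt = src
        if (src, tgt, cls) == (source, target, tclass):
            granted |= set(perms.strip('{}').split())
    return granted

def missing_perms(avc_line, te_text):
    """Permissions the denial needs that the module does not grant."""
    src, tgt, cls, perms = parse_avc(avc_line)
    return perms - allowed_perms(te_text, src, tgt, cls)

if __name__ == "__main__":
    print(parse_avc(AVC))
    print("not covered by module:", sorted(missing_perms(AVC, MODULE_TE)))
```

Run against the thread's data, the module grants only setopt on tcp_socket while the denial is for connect, so the denial is reported as uncovered.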