Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Fedora This forum is for the discussion of the Fedora Project.


  Search this Thread
Old 11-28-2004, 09:05 AM   #1
LQ Newbie
Registered: Nov 2001
Location: Amman - Jordan
Distribution: Slackware
Posts: 25

Rep: Reputation: 15
SELinux + Apache + MySQL + PHP

Hi all,
I'm playing around with Fedora3, trying to make apache + php + mysql play well together, but it seems SELinux is getting in the way. I keep getting: "#2002 - Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)" when using phpMyAdmin.
My understanding of the situation is that apache is running under a diffenet security domain than mysql, specifically apache is running "user_u:system_r:httpd_t" context, while the myqsl socket has the "user_ubject_r:var_lib_t" security context.
I know SELinux can be disabled, which I did by booting with the option "enforcing=0" and the whole thing worked great. Googling around gave the following url: , which also suggests turning off SELinux, which defeats the whole Security Enhanced thing!
The article about SELinux on Red Hat Magazine, , talks about "transition" between security domains, but doesn't specify how to actually implement it...

Any ideas?
Thanks in advance :-)
Old 12-17-2004, 01:17 PM   #2
LQ Newbie
Registered: Jul 2004
Location: England
Distribution: Fedora
Posts: 24

Rep: Reputation: 15
I've had the exact same problem, unfotunately I don't really have the time to spend messing around with it too much though.

I use my machine for software development and apache/mysql are crucial to my work, I've just turned SELinux off as its more trouble than its worth!
  • Firstly every time I put something on the webserver you've gotta chcon it - pain in the ass!
  • Sencondly I got the same error with phpMyAdmin 2002 cannot connect to socket

SELinux is a good idea but if it stops you working then that defeats the object of it entirely. I'm going to see if I can figure out a way to make it all run smoothly when I get some spare time and if I find anything I will post again.
Old 12-21-2004, 07:39 PM   #3
LQ Newbie
Registered: Jul 2003
Distribution: Fedora
Posts: 8

Rep: Reputation: 0
Disable the SELinux protection on the HTTPD will fix this problem. To do so:
- Go to the Security Level, under System Settings
- Click on the SELinux tab
- Drop down the HTTPD Service entry
- Check the box that says "Disable SELinux protection for httpd daemon"

This should work.

Have fun!!

Last edited by theteenager; 02-26-2006 at 11:16 PM.
Old 01-15-2005, 09:08 AM   #4
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
You probably only need to restore all of the mysql file security contexts...
service mysqld stop
restorecon -v -R /usr/libexec/mysqld
restorecon -v -R /var/run/mysqld
restorecon -v /var/log/mysqld.log
restorecon -v -R /var/lib/mysql
restorecon -v /var/lib/mysql/mysql.sock
restorecon -v -R /etc/my.cnf
service mysqld start
That should do it..

Old 02-01-2005, 10:23 AM   #5
LQ Newbie
Registered: Mar 2004
Location: Russia
Posts: 13

Rep: Reputation: 0
But what i must do if i don't want to disable SELinux for httpd ?

Can anybody say what i must do for turning on apache + mysql + selinux ?

for info: i have FC3 without

in messages (after start mysqld + restorecon):

<bla-bla> kernel: audit(1106899796.621:0): avc: denied { write } for pid=2358 exe=/usr/sbin/httpd name=mysql.sock dev=dm-0 ino=292796 scontext=root:system_r:httpd_t tcontext=system_ubject_r:var_lib_t tclass=sock_file

2 Butt-Ugly:
1. after start mysql creates mysql.sock again with incorrect context
2. even i run restorecon again after mysqld's start it doesn't help
Old 02-04-2005, 01:41 PM   #6
LQ Newbie
Registered: Jun 2004
Location: Menlo Park, CA
Distribution: Fedora Core 3
Posts: 9

Rep: Reputation: 0
The *REAL* fix for this problem

This problem was hashed out in a fairly readable way in the RedHat fedora-selinux-list forum. The initial post is now at

You'll want to read most of the followups.

The preferred solution involves creating an selinux domain, "mysqld_t," that has permission to read and write a particular socket. Manipulating selinux sounds hairy, but the instructions are fairly straightforward. The correct solution is the first one suggested in

NB: the line that reads:
* service mysql restart
should read:
* service mysqld restart

good luck!

Last edited by KimMcCall; 02-04-2005 at 01:56 PM.
Old 03-28-2005, 11:06 PM   #7
Registered: Sep 2003
Location: North America
Distribution: FC6 FC7 F8
Posts: 75

Rep: Reputation: 15
Originally posted by sawoy
But what i must do if i don't want to disable SELinux for httpd ?

Can anybody say what i must do for turning on apache + mysql + selinux ?

Work through these two tutorials, I just did and have a working LAMP server running on FDC3 with selinux on and I got everything I needed from them.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
10.2 Apache PHP MySQL stevemad Slackware 11 09-30-2005 08:47 AM
Apache/PHP problems with Selinux enforcing.... maxie_fc3 Fedora 0 01-11-2005 08:40 AM
apache _ php +mysql rmocius@auste.e Slackware 0 03-02-2004 10:49 AM
Apache Mysql Php: mysql with php doesn't work breakerfall Linux - Networking 6 12-27-2003 09:59 PM
php-nuke with apache php mysql c0c0deuz Linux - Software 0 03-30-2003 07:23 AM > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 08:29 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration