akhirnya setelah seharian mengotak atik postgresql + php, dimana php nya gak mau connect ke postgresqlnya
dan mendapatkan pesen di /var/log/audit/audit.log
dalam hal ini connect dari command line berhasil akan tetapi dari php gak bisa alias httpd cannt
type=AVC msg=audit(1124098046.103:2735300): avc: denied { name_connect } for pid=12013 comm=”httpd” dest=5432 scontext=root:system_r:httpd_t tcontext=system_u:object_r:postgresql_port_t tclass=tcp_socke
setelah mencari seharian di google.com dan tidak ketemu, ya akhirnya tanya ke pak bos deh
caranya :
[root@cachak ~]# sestatus | grep httpd allow_httpd_anon_write inactive allow_httpd_sys_script_anon_write inactive httpd_builtin_scripting active httpd_can_network_connect inactive httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs active httpd_ssi_exec active httpd_suexec_disable_trans inactive httpd_tty_comm inactive httpd_unified active [root@cachak ~]# sestatus | grep postgr postgresql_disable_trans inactive [root@cachak ~]# sestatus | grep sql mysqld_disable_trans inactive postgresql_disable_trans inactive [root@cachak ~]#
nah disitu kelihat bahwa :
httpd_can_network_connect inactive
yang aku lakukan adalah :
[root@cachak ~]# rpm -q -l php | restorecon -R -v -f - [root@cachak ~]# rpm -q -l php-pgsql | restorecon -R -v -f - [root@cachak ~]# rpm -q -l postgresql | restorecon -R -v -f - [root@cachak ~]# rpm -q -l postgresql-server | restorecon -R -v -f - [root@cachak ~]# rpm -q -l httpd | restorecon -R -v -f - [root@cachak ~]# rpm -q -l postgresql-libs | restorecon -R -v -f - [root@cachak ~]# setsebool httpd_can_network_connect=1 [root@cachak ~]# sestatus | grep httpd_can_network_connect httpd_can_network_connect active [root@cachak ~]# [root@cachak ~]# /etc/init.d/httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] [root@cachak ~]# /etc/init.d/postgresql restart Stopping postgresql service: [ OK ] Starting postgresql service: [ OK ] [root@cachak ~]#
selesai sudah 🙂
sangat membantu, makasih
thanks