[Mysql] Php non si connette al database

[Alessio Puppi]

Salve a tutti,

Ho il seguente problema: ho creato una pagina php che si collega al database Mysql però ricevo il seguente messaggio d'errore

Warning: mysqli::mysqli(): (HY000/2003): Can't connect to MySQL server on '127.0.0.4' (13) in /var/www/html/sito/index.php on line 134 Errore in connessione al DBMS: Can't connect to MySQL server on '127.0.0.4' (13)

Nel frattempo il sistema operativo, Fedora, mi visualizza un messaggio di errore:

SELinux is preventing /usr/sbin/httpd from name_connect access on the tcp_socket port 3306.

***** Plugin catchall_boolean (47.5 confidence) suggests *******************

If you want to allow HTTPD scripts and modules to connect to the network using any TCP port.
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
Do
setsebool -P httpd_can_network_connect 1

***** Plugin catchall_boolean (47.5 confidence) suggests *******************

If you want to allow HTTPD scripts and modules to connect to databases over the network.
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect_db' boolean.
Do
setsebool -P httpd_can_network_connect_db 1

***** Plugin catchall (6.38 confidence) suggests ***************************

If you believe that httpd should be allowed name_connect access on the port 3306 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Contesto della sorgente system_u:system_r:httpd_t:s0
Contesto target system_ubject_r:mysqld_port_t:s0
Oggetti target port 3306 [ tcp_socket ]
Sorgente httpd
Percorso della sorgente /usr/sbin/httpd
Porta 3306
Host devux.pial
Sorgente Pacchetti RPM httpd-2.2.17-1.fc14
Pacchetti RPM target
RPM della policy selinux-policy-3.9.7-46.fc14
Selinux abilitato True
Tipo di policy targeted
Modalità Enforcing Enforcing
Host Name devux.pial
Piattaforma Linux devux.pial 2.6.35.14-106.fc14.i686 #1 SMP
Wed Nov 23 13:57:33 UTC 2011 i686 i686
Conteggio avvisi 14
Primo visto dom 29 apr 2012 15:52:27 CEST
Ultimo visto ven 13 lug 2012 20:03:13 CEST
ID locale 5ea20850-0f9f-4752-bb2c-da75ce41b30c

Messaggi Raw Audit
type=AVC msg=audit(1342202593.285:27): avc: denied { name_connect } for pid=1898 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_ubject_r:mysqld_port_t:s0 tclass=tcp_socket


type=SYSCALL msg=audit(1342202593.285:27): arch=i386 syscall=socketcall success=no exit=EACCES a0=3 a1=bfdb4700 a2=135f0c0 a3=11 items=0 ppid=1854 pid=1898 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,mysqld_port_t,tcp_socket,name_connec t

audit2allow

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
# httpd_can_network_connect, httpd_can_network_connect_db

allow httpd_t mysqld_port_t:tcp_socket name_connect;

audit2allow -R

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
# httpd_can_network_connect, httpd_can_network_connect_db

allow httpd_t mysqld_port_t:tcp_socket name_connect;

Per ovviare a questo problema eseguo la console di linux, entro come root ed eseguo questi comandi:

setsebool httpd_can_network_connect_db 1
setsebool httpd_unified 1

Come posso fare (o esiste un metodo) per modificare una impostazione per non rieseguire ogni volta questi comandi? Vorrei evitare di eseguire il comando at.

Grazie.

[Alessio Puppi]

up

[Alessio Puppi]

up...

[Alessio Puppi]

Up....