Monday, 22 August 2011

SELinux and CakePHP on Fedora and CentOS

The first time I installed CakePHP, on a machine with SELinux enabled, I run into two big problems:

  1. Cake was unable to write to the application's tmp directory
  2. Cake was unable to connect tot the database, hosted on an other machine

The first thing that comes to mind, is to disable SELinux completely, and I did more than once :^). This time however, I said to myself that if so many people say SELinux is good, why not give it a try and see if we can both live peacefully on the same machine.

The first thing we need to deal with is allow access to the $APP/tmp directory. This can be accomplished by issuing :

# cd $APP
# chcon -Rv --type=httpd_user_content_rw_t tmp

Next will be to allow httpd to connect to a database hosted on a different machine than the one running the web server in case your setup use different machines for Database and web servers. This is allowed by issuing the following command again as the root user.

setsebool -P httpd_can_network_connect_db 1

For the moment my CakePHP server seems to be running fine. If any problems arise, I will update this post accordingly.

Finally a couple of links on SELinux

1 comment :

tzicatl said...

Thanks. That was very useful.