A PHP application running under Apache on a CentOS 9 Stream server fails to open a TCP connection to a remote MariaDB database on port 3306 while SELinux is in enforcing mode. The audit log records a name_connect denial for the httpd_t domain to mysql_port_t. To permanently grant only the required permission (letting the web server reach the database but not other arbitrary network ports), which SELinux Boolean should you enable?
The Boolean that specifically allows Apache (httpd_t) to initiate network connections only to database servers is httpd_can_network_connect_db. Enabling it with setsebool -P httpd_can_network_connect_db on (or 1) makes the change persistent across reboots and satisfies the application's need to reach MySQL or MariaDB without granting the broader access provided by httpd_can_network_connect. The other options are either unrelated to database traffic or are not valid SELinux Booleans, so they do not resolve the denial.
CompTIA Linux+ XK0-006 (V8)
Troubleshooting