SELinux policy prevents send.php from working via httpd

Question

SELinux policy prevents send.php from working via httpd

geoidesic opened this issue 10 years ago · 5 comments

Fatal error: Uncaught exception 'PhpAmqpLib\Exception\AMQPRuntimeException' with message 'Error Connecting to server(13): Permission denied ' in /var/www/vhosts/myRabbitProject/vendor/videlalvaro/php-amqplib/PhpAmqpLib/Wire/IO/StreamIO.php:27

This is because amqp_port_t type is assigned to port 5672 in the CentOS6 default SELinux policy.

So from your examples, I can run send.php and receive.php from the command line without trouble. The receive.php will be run from the command line, so that's will work fine. However, generally I'm going to want to run send.php when someone hits a particular part of the API (i.e. via http), which generates the error above.

I can add in an SELinux module that allows httpd to connect to port 5672 but I'd like to know whether this would be considered "best-practise"? And if not then what is?

Answer 1 · 2015-01-02T11:22:57.000Z

I'm not sure what we can do. Please configure your SELinux permissions accordingly. We are not going to add notes on SELinux to the tutorials, sorry.

Answer 2 · 2015-01-02T11:24:32.000Z

Sorry, just updated my comment: The question is really – is updating SELinux permissions the best-practice solution to this or is there another way?

Answer 3 · 2015-01-02T11:26:11.000Z

Yes, if SELinux blocks access to RabbitMQ ports, what else can you do besides configuring it not to?

Answer 4 · 2015-01-02T11:27:06.000Z

Please post questions to rabbitmq-users. Your issue has nothing to do with the actual tutorials code.

Answer 5 · 2015-01-02T11:30:39.000Z

Ok thanks. Maybe worth adding that link to the github wiki?