skip to solution
Recently, I made a recursive xml sitemap generator tool, which quickly generates a sitemap, calculating how popular certain pages are related to how may linke they have internally. This helps make quick, good xml sitemaps that google likes as it follows the rough popularity that google sees of each page.
So I spent about 3 hours on this script - making it proper kick ass only to discover that when I upload the script from my dev server to my live server - the fucker doesn't work! not only that, but there's nothing reported in /var/log/messages.
After updating php-curl using yum and turning my firewall off with still no luck - I decided to get heavy handed and ask my server people to reinstall a newer version of fedora.
so afterspending another half a day setting up ftp/httpd/iptables/mysql/php/bind/etc. I uploaded the xmlsitemap generator and it still doesn't fucking work!
Oh where do I start? 'Livid' doesn't even come close - not only had i wasted the best part of a day updating my server - I didn't even manage to fix my sitemap script!!!
However, i did now have a message in /var/log/messages;
comm="httpd" dest=80 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
After much googling, I found this solution;
Solution
in the cli, type the following
#> getsebool -a
#> setsebool httpd_can_network_connect true
The first command displays the current SELinux settings, the second should change the SELinux setting so that httpd can access tinterweb.
I think this is one of thise annoying SELinux bugs that no-one really understands as there's not much on google about it - however i've found loads of people moaning about it and not getting it to work. Therefore I hope this helps someone!
1 comment:
Very helpful post, saved me a lot of grief.
I'd like to add that you should add the -P flag if you need to be sure the setting lives through the next reboot, as described in the man page for setsebool.
Post a Comment