Re: BUG #11365: denied apache cgi connect

On 9/7/2014 10:02 PM, Jan Wieck wrote:
>> the PGDG packagers probably should include some level of database
>> selinux policy settings.  maybe a special RPM that sets the apache
>> database policy or something.
>

I probably should have said 'could' instead of 'probably should'.

> "Some special RPM" to do what exactly? Just because someone has
> PostgreSQL and Apache installed on their system doesn't mean they
> wanted httpd to be able to try to connect to their MySQL server on
> another machine in the network. Precisely that is what
> httpd_can_network_connect_db would allow (as a side effect).
>
> So please be more precise in what exactly that special RPM should set
> or enable.

this RPM would be called something like
postgresqlXY-apache-selinuxpolicy, and if installed, it would add the
selinux policy that allows apache to connect to postgres version X.Y as
installed from the same repository.  if uninstalled, it would remove
that policy.


--
john r pierce                                      37N 122W
somewhere on the middle of the left coast