Are you using MySQL for your MediaWiki database? I've found that MySQL
(and probably other RDBMS brands) doesn't run when SELinux is enforcing
its default policies.
If I set SELinux to "disabled" or "permissive", MySQL does work. But
when it's set to "enforcing", neither the MySQL client nor the MySQL
server will start.

Are you using the strict, or targeted policy? Mysqld runs just fine for
me using the targeted policy. I've even gotten mediawiki working fine
with SELinux enabled on both httpd and mysqld; although, I couldn't get
it working using the strict policy.
If you are using the targeted policy, and still can't get mysqld
running, try editing "/etc/selinux/targeted/booleans" and setting
"mysqld_disable_trans=1". This disables SELinux from protecting mysqld.

There's a tool called "system-config-securitylevel" on FC5 that is
supposed to configure SELinux. It allows you to specify certain ports,
like 80 for http and 3306 for MySQL, and presumably permits incoming
connections on those ports. I tried this, but it didn't seem to help.
I guess SELinux does more than block ports like a firewall.

Actually, this utility lets you configure your firewall *and* SELinux.
SELinux is not anything like a firewall, it is role based access
controls.
Notice that this utility lets you enable/disable SELinux protection for
different services, and it also lets you configure how it protects
services. Most of these settings are in
"/etc/selinux/targeted/booleans".
One of those settings is particularly helpful if you are looking at
setting up mediawiki. "httpd_unified=1" in
"/etc/selinux/targeted/booleans", which is "Unify HTTPD handling of all
content files". This makes SELinux less strict when checking how the
httpd daemon is using files.

If you have another firewall protecting your server from the outside
world, it may be good enough to rely on that, and just make SELinux
permissive or disabled.

As the two are completely different, I wouldn't say this... I am
personally wary about turning off SELinux on a system facing the
internet. It definitely adds quite a bit of security to your systems.
If you are having problems getting the system up and running when using
enforcing, try using permissive and keep an eye on your logs to see what
SELinux doesn't like. Fix those errors, then try running in enforcing
(it'll probably work then).
V/r,
Ryan Lane
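
The permissive-mode workflow suggested in the reply above (watch the logs to see what SELinux doesn't like) can be scripted. The following is an added example, not part of the original message: it parses AVC denial lines and counts them per source type, target type, object class and permission. The sample log lines, host name and inode numbers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the thread), in the kernel's AVC denial format.
SAMPLE_LOG = '''\
type=AVC msg=audit(1150000001.101:11): avc:  denied  { read write } for  pid=2101 comm="mysqld" name="mysql.sock" dev=dm-0 ino=4411 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
type=AVC msg=audit(1150000002.202:12): avc:  denied  { getattr } for  pid=2210 comm="httpd" name="LocalSettings.php" dev=dm-0 ino=5522 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jun 11 10:00:03 wiki kernel: audit(1150000003.303:13): avc:  denied  { getattr } for  pid=2211 comm="httpd" name="LocalSettings.php" dev=dm-0 ino=5522 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jun 11 10:00:04 wiki sshd[2300]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
'''

# Matches both auditd-style lines and syslog-style "kernel: audit(...)" lines.
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one log line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated or malformed record
    return {
        'comm': fields.get('comm', '?'),
        'perms': tuple(m.group('perms').split()),
        'source_type': type_of(fields['scontext']),
        'target_type': type_of(fields['tcontext']),
        'tclass': fields['tclass'],
    }

def summarize(log_text):
    """Count denials keyed by (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec['perms']:
                counts[(rec['source_type'], rec['target_type'], rec['tclass'], perm)] += 1
    return counts

if __name__ == '__main__':
    for (src, tgt, cls, perm), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}")
```

Feed `summarize()` the contents of /var/log/audit/audit.log, or /var/log/messages when auditd is not running. Each distinct tuple is one thing to fix (usually a file label or a boolean) before switching back to enforcing.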