[Mediawiki-l] mediawiki SELinux
Bill Karwin
bill at karwin.com
Wed Jun 7 20:33:01 UTC 2006
Are you using MySQL for your MediaWiki database? I've found that MySQL (and
probably other RDBMS brands) doesn't run when SELinux is enforcing its
default policies.
If I set SELinux to "disabled" or "permissive", MySQL does work. But when
it's set to "enforcing", neither the MySQL client nor the MySQL server will
start.
http://bugs.mysql.com/bug.php?id=12676 gives a proposed patch to SELinux
policy files to permit MySQL to run, but I haven't tried this patch.
There's a tool called "system-config-securitylevel" on FC5 that is supposed
to configure SELinux. It allows you to specify certain ports, like 80 for
http and 3306 for MySQL, and presumably permits incoming connections on
those ports. I tried this, but it didn't seem to help. I guess SELinux
does more than block ports like a firewall.
Here's an extensive FAQ on using SELinux with FC5:
http://fedora.redhat.com/docs/selinux-faq-fc5/en_US/
The level of detail makes me think that it would be pretty time-consuming to
learn how to administer SELinux properly.
If you have another firewall protecting your server from the outside world,
it may be good enough to rely on that, and just make SELinux permissive or
disabled.
Regards,
Bill K.
-----Original Message-----
From: mediawiki-l-bounces at Wikimedia.org
[mailto:mediawiki-l-bounces at Wikimedia.org] On Behalf Of city wiki
Sent: Wednesday, June 07, 2006 8:50 AM
To: mediawiki-l at Wikimedia.org
Subject: [Mediawiki-l] mediawiki SELinux
I'm instaling FC5 on a server just to be used via FTP and MediaWiki.
Question:
It works fine unless SELinux is set to enforcing.
How necessary is SELinux? Is there a comprenhensive guide on how to
configure it for Mediawiki? Just cannot find the right info.
Thanks.
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
More information about the MediaWiki-l
mailing list