Apache access to Network Database on Custom port

If you have an Apache (httpd) application that needs to access a remote database, you have to change the SELinux policy as described below to allow Apache to connect to network databases. This is done by editing an SELinux boolean.

First, check whether the “httpd_can_network_connect_db” boolean is set to “on”.

[root@testsrv ~]# getsebool -a | grep httpd_can_network_connect_db
httpd_can_network_connect_db --> off

By default, this is set to off. To enable network database access for Apache, execute the command below.

setsebool -P httpd_can_network_connect_db on

Note that “-P” makes the change permanent, so the setting is preserved across system reboots.

If the database the application is trying to reach listens on a port other than the default (e.g. mysql: 3306), you also have to edit the SELinux policy as described below.

Assume the application is trying to connect to a mysql database on custom port 1234. To get the ports currently assigned to mysql in the SELinux policy, run:

semanage port -l | grep mysqld_port_t

To add the new custom port to this mysql port group:

semanage port -a -t mysqld_port_t -p tcp 1234

Later on, if you need to remove a custom port that was entered in a port group (e.g. mysql:1234):

semanage port -d -t mysqld_port_t -p tcp 1234
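The whole procedure above, as an added example that is not part of the original post: a small POSIX sh script that parses the `semanage port -l | grep mysqld_port_t` listing to decide whether a custom port is already labeled mysqld_port_t, and prints only the commands the host still needs. The listing it parses is a constructed sample so the script runs offline; on a real host you would substitute the live command output.

```shell
#!/bin/sh
# Added example (not from the original post): decide which of the commands above a host
# still needs for a mysql database on a custom TCP port, by parsing the listing that
# `semanage port -l | grep mysqld_port_t` prints. The listing below is CONSTRUCTED sample
# output so the script runs offline; on a real host replace it with the live command output.
SAMPLE_PORTS='mysqld_port_t                  tcp      1186, 3306, 63132-63164'

# port_labeled PORT LISTING: return 0 if PORT is already covered by the listing,
# either as a single port or inside a low-high range, else 1.
port_labeled() {
  port=$1
  listing=$2
  # drop the type and protocol columns, then split the remaining ports on commas
  fields=$(printf '%s\n' "$listing" | awk '{ $1 = ""; $2 = ""; print }' | tr ',' '\n')
  for f in $fields; do
    case $f in
      *-*)
        lo=${f%-*}
        hi=${f#*-}
        [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0
        ;;
      *)
        [ "$port" -eq "$f" ] && return 0
        ;;
    esac
  done
  return 1
}

# selinux_plan PORT LISTING: print the commands needed so httpd can reach mysql on PORT.
# The boolean is always printed (setting it with -P is idempotent); the port label only when missing.
selinux_plan() {
  port=$1
  listing=$2
  echo "setsebool -P httpd_can_network_connect_db on"
  if port_labeled "$port" "$listing"; then
    echo "# tcp/$port already labeled mysqld_port_t, no semanage change needed"
  else
    # semanage port -a refuses a port that already belongs to another type;
    # in that case the label has to be changed with `semanage port -m` instead.
    echo "semanage port -a -t mysqld_port_t -p tcp $port"
  fi
}

selinux_plan 1234 "$SAMPLE_PORTS"
```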
