XF 1.4 Unexpected database error occurred

[Floren]

After upgrading to CentOS 6.6, I get this error:

An unexpected database error occurred. Please try again later.
<!-- Permission denied -->

There is nothing indicating an issue into PHP, Nginx or MySQL logs. I can connect fine to the database, using the user listed into config.php file.

# netstat -tulpan | grep 3306
tcp        0      0 :::3306                     :::*                        LISTEN      2959/mysqld
# mysql -u user -h 127.0.0.1 -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2

 

[Xon]

Do you have selinux configured? It might be a selinux configuration profile was updated and is doing something you don't expect.

 

[Floren]

Thanks @Xon for pointing me into right direction, never thought Selinux will go so aggressive in CentOS 6.6. I had to build 2 new modules, example for PHP-FPM module:

# cat php-fpm.te
module php-fpm 1.0;

require {
    type mysqld_port_t;
    type httpd_t;
    type memcache_port_t;
    class process setrlimit;
    class tcp_socket name_connect;
}

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     httpd_can_network_relay, httpd_can_network_memcache, httpd_can_network_connect
allow httpd_t memcache_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using one of the these booleans:
#     httpd_can_network_connect, httpd_can_network_connect_db
allow httpd_t mysqld_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using the boolean 'httpd_setrlimit'
allow httpd_t self:process setrlimit;

 

[rainmotorsports]

Thanks @Xon for pointing me into right direction, never thought Selinux will go so aggressive in CentOS 6.6.

It's fun in 7 thats for sure.

 

[Floren]

In CentOS 7 is so much easier to work with it, Firewalld is amazing with its dynamic config.

 

[rainmotorsports]

In CentOS 7 is so much easier to work with it, Firewalld is amazing with its dynamic config.

I am liking systemctl as well. A noob like me can write a startup script pretty easily. My initial CentOS 7 builds had SELinux enabled. But I am at the point now with swapping Apache out for NGINX that I have to learn how to do what you are doing. Once I get through that learning curve I can swap it back out of permissive.

 

[Floren]

I posted a tutorial on my site, how to create the custom modules for Selinux in CentOS 6.6.