iTop and SE Linux

Some Linux distributions (Fedora, RedHat…) come with SELinux enabled by default. If you get troubles to have iTop connect to a remote MySQL server, check the SELinux settings with the following command:

getsebool -a | grep 'httpd'

You should see something like:

allow_httpd_anon_write –> off
allow_httpd_bugzilla_script_anon_write –> off
allow_httpd_cvs_script_anon_write –> off
allow_httpd_mod_auth_pam –> off
allow_httpd_nagios_script_anon_write –> off
allow_httpd_prewikka_script_anon_write –> off
allow_httpd_squid_script_anon_write –> off
allow_httpd_sys_script_anon_write –> off
httpd_builtin_scripting –> on
httpd_can_network_connect –> off
httpd_can_network_connect_db –> off
httpd_can_network_relay –> off
httpd_can_sendmail –> on
httpd_disable_trans –> off
httpd_enable_cgi –> on
httpd_enable_ftp_server –> off
httpd_enable_homedirs –> on
httpd_rotatelogs_disable_trans –> off
httpd_ssi_exec –> off
httpd_suexec_disable_trans –> off
httpd_tty_comm –> on
httpd_unified –> on
httpd_use_cifs –> off
httpd_use_nfs –> off

If you see the line httpd_can_network_connect_db –> off, this means that the web server is prevented from doing any network connection to the MySQL server.

To change this security setting, type the following command (as root):

setsebool -P httpd_can_network_connect_db on