You know, I don’t think I have ever heard of someone getting PostgreSQL & SELinux to play nicely, and certainly not in the context of phpPgAdmin, so I offer these notes for all future generations that end up having to tackle this annoying beast. (Note: I still recommend people just turn off SELinux, but if that’s not an option… :-) For the record: When I showed up, PostgreSQL, Apache, and PHP were already installed on the machine, my goal was to get phpPgAdmin installed. Step one was installing PostgreSQL support into PHP, which was a simple yum command away. Once that was done, I download ppa 4.1.3 and went about unpacking and configure it. Then the moment of truth… I tried to login and got the mysterious “login failed” message. No big deal, I walked the steps of troubleshooting like I have done 1000 times before… check postgresql.conf for tcp/ip, check pg_hba.conf for access, verify I can login with psql, everything seems ok. I try a few more times, but no dice. What is bothering me most is that the PostgreSQL logs do not show any FATAL errors (or errors of any kind for that matter), which 99% of the time means my connection attempt is not reaching the PostgreSQL server. The other 1% is that I am logging in ok, but am having a browser issue… As it turns out, I’ve been trying to do this with elinks, so I spend some time working around the no X solution (ended up port forwarding Apache back to my desktop) so I could use Galeon to login. In any case, that still didn’t work, and by now I was getting annoyed :-) I hack the pg_connect commands to spit out errors to the log files, and I see that all I’m getting is the “is postgres running and accepting tcp/ip connections error?” message, which it was, but I verify but telnetting to port 5432. Suddenly I remember, this is a Red hat box, and get suspicious of an SELinux issue. I do a check to see if I can login as the apache user using psql and I can, which is a little befuddling, but all the pieces fit together: httpd can’t reach PostgreSQL, but other things can, and there are no firewalls in the way (verified with iptables). This is about the time I whine a little to Dave. Dave is smart, and I figure he might have a clue about where to go from here. Unfortunately he claims no knowledge of SELinux, but he was smart enough to look in /var/log/messages and see the following message: (NOTE: pay attention, this is the important part!) OK, easy enough, we run that and sure enough it’s complaining about httpd trying to access the socket file… It’s important to note it was not complaining that the apache user was trying to get access, but that httpd was (which is why apache/psql worked ok earlier). So, we go ahead and run the recommended command *restorecon -v .s.PGSQL.5432*, and try again, but still no dice. While I check the PostgreSQL logs and the Apache logs, Dave taps me on the shoulder and points out that we have a different error from SELinux (see, Dave is smart) Of course this has a big handy message to go with it as well: So, we run that handy command it recommend here, *httpd_can_network_connect_db=1*, and… hold one… is it me or is that flag a bit lolcode or something? “apache can has database?” sure!… anyway, we run that command and try it again and wallah, we’re in! So we worked around SELinux, now we have to put all the other security stuff back in place (did i leave out the part where I set the pg_hba all trust? :-P ). I’m not entirely sure this is the best way to go about things (please do drop suggestions / advice / general wisdom in the comments) but it will work for now while we get things running and can discuss more fully a security policy. Hopefully this post will help others to look in the right places, and again, any pointers would be very welcome. Also, if you know if it’s possible to modify the php-pgsql rpm file to update the SELinux policy automagically, I’d be curious about that too.