NuSphere Forums Forum Index
NuSphere Forums
Reply to topic
How to set up SELinux to allow remote debugging?


Joined: 01 Aug 2014
Posts: 40
Reply with quote
@dmitri,

This is running on Centos 6 with SELinux enabled.

I've set up my debugger to go over SSH tunnel - port 7777 on 127.0.0.1 on a remote box connects via tunnel to my Windows where PHPEd debugger is listening on port 7777.

Initiating debugging with debugbreak('123@127.0.0.1:7777;d=1,p=0,c=0'); via CLI script on remote box starts debugger on my Windows just fine.

However, when you access that same script via HTTP, dbg is throwing error that permission was denied to connect to 127.0.0.1:7777.

Disabling SELinux fixes the problem.

Question - how should I configure SELinux to allow remote debugging over HTTP?

Thanks
View user's profileFind all posts by temuri416-v2Send private message
Site Admin

Joined: 13 Jul 2003
Posts: 8328
Reply with quote
you need to allow the server application (the process that runs php binary) to open connection to localhost using TCP/7777 port. That's it. As of application -- if you're running Apache php4apache module, php binary is loaded a shared object in this case and therefore it's Apache itself (httpd) should be granted this permission. If you're running php-fpm, a standalone fcgi process, you need to grant php-fpm with permissions to open such connections.
You may want to read manual about how to configure SELinux https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/configuring-selinux-for-applications-and-services-with-non-standard-configurations_using-selinux
NOTE -- you need only localhost (127.0.0.1), not "any" host and connections is originating FROM the application to a listener in SSHD process, not TO the listener in the application, like in case of apache 80 port.

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website
How to set up SELinux to allow remote debugging?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT - 5 Hours  
Page 1 of 1  

  
  
 Reply to topic