CentOS 7, php script via apache doesn't resolve host names. If I use ip directly it works

Question

I've installed a LAMP stack over CentOS 7.

If I try to resolve a name via php from command line it works, but if I execute that script thru web server it doesn't resolve the name. If I use ip directly it works, in each case.

For example:

$ip = gethostbyname('www.google.com');    
echo "GOOGLE IP = " . $ip;  // it shows IP only via php-cli, not thru apache

Any idea?

EDIT: disabling SE enforcing it works. It would be useful to know how configure it to work with SE enforcement enabled.

Answer 1

Set SELinux to permissive

setenforce 0

Make sure selinux-policy, selinux-policy-devel, setroubleshoot-server, setroubleshoot are installed

yum install selinux-policy, selinux-policy-devel, setroubleshoot-server, setroubleshoot -y

then tail the messages file and grep for sealert

tailf /var/log/messages | grep sealert

Your SELinux problem will get spit out in the form of

hostname setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020

so you then just run sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020 to view your SELinux issue

Once you think you have fixed the issue, re enable SELinux setenforce 1 and check to see if your problem is fixed. If not then repeat the steps.

More info on sealert can be found at Red Hat's website, just don't disable SELinux.