[PHP] Fatal error: Uncaught mysqli_sql_exception: Permission denied in ...

PHP Fatal error:  Uncaught mysqli_sql_exception: Permission denied in /.../???.php:59
Stack trace:
...

  SELinux(보안 강화 리눅스) 때문에 PHP-FPM에서 MySQL 접근이 막혀 PHP에서 치명적인 오류가 난 경우였다.

  audit2why와 audit2allow 명령으로 정보를 확인해 보면,

$ audit2why < /var/log/audit/audit.log
...
type=AVC msg=audit(1706454182.069:41503): avc:  denied  { connectto } for  pid=16298 comm="php-fpm" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0

        Was caused by:
                Unknown - would be allowed by active policy
                Possible mismatch between this policy and the one under which the audit message was generated.

                Possible mismatch between current in-memory boolean settings vs. permanent ones.

$ audit2allow -a
...
#============= httpd_t ==============
...
allow httpd_t unconfined_service_t:unix_stream_socket connectto;

  [SELinux] recv() failed (104: Connection reset by peer) while reading response header from upstream...에서 이야기한 방법을 참고하여 nginx-passenger.te 파일을 만들고, nginx-passenger.te 파일에 위에서 본 다음 내용을 더 끼워 넣는다.

module nginx-passenger 1.0;
require {
...
        type httpd_t;
        type unconfined_service_t;
...
        class unix_stream_socket { connectto };
...
#============= httpd_t ==============
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
...

$ checkmodule -M -m -o nginx-passenger.mod nginx-passenger.te
$ semodule_package -o nginx-passenger.pp -m nginx-passenger.mod
$ semodule -i nginx-passenger.pp