PayU-EMEA / openpayu_php

OpenPayu SDK
http://developers.payu.com
Apache License 2.0

SELinux prevents successful execution of Create Order.php #127

Closed bzc0fq closed 1 year ago

bzc0fq commented 2 years ago

Hi,

I have installed the latest openpayu_php on a server running Rocky Linux 8.6. When I tried to run the example script OrderCreate.php I got these errors:

string(575) "OpenPayU_Exception_Network in /var/www/html/xxx/openpayu/lib/OpenPayU/HttpCurl.php:59
Stack trace:
#0 /var/www/html/xxx/openpayu/lib/OpenPayU/Http.php(24): OpenPayU_HttpCurl::doPayuRequest('POST', 'https://secure....', Object(AuthType_Oauth), '{"notifyUrl":"h...')
#1 /var/www/html/xxx/openpayu/lib/OpenPayU/v2/Order.php(57): OpenPayU_Http::doPost('https://secure....', '{"notifyUrl":"h...', Object(AuthType_Oauth))
#2 /var/www/html/xxx/openpayu/scripts/v2/order/OrderCreate.php(55): OpenPayU_Order::create(Array)
#3 {main}"

I had SELinux on while running the script.

SELinux audit messages were:

type=AVC msg=audit(1669023718.399:18590): avc: denied { name_connect } for pid=39332 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0

If I turn SELinux off the script works OK.

What can cause the issue? I understand that SELinux is not happy with the SSL network connection that is established by httpd, but this might be misleading since I do use port 443 widely in the system and it works fine.

Please advise, since I would like to know the root cause before changing anything within SELinux.

Thanks!

PS. I also tried running OrderForm.php, and it works fine regardless of SELinux status.

regdos commented 1 year ago

The only problem is the configuration of the operating system. SELinux blocks outbound HTTP traffic.

You have to allow it:

setsebool -P httpd_can_network_connect 1

More information is in https://www.toysdesk.com/2020/02/php-fpm-and-selinux/ and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-the_apache_http_server-booleans
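
The denial quoted in the report, decoded field by field, as an added example that is not part of the thread or of the openpayu_php project. name_connect is the permission SELinux checks when a process opens an outbound connection, while listening on a port is checked as name_bind, so a web server that serves port 443 can still be denied when it acts as a client to port 443. The function names and the second (name_bind) record are constructed for illustration.

```shell
#!/bin/sh
# Added example (not openpayu_php code): decode an SELinux AVC denial offline.

# Denial record copied from the issue report above.
AVC_SAMPLE='type=AVC msg=audit(1669023718.399:18590): avc: denied { name_connect } for pid=39332 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0'
# Constructed record for contrast: an httpd process binding a listening port.
AVC_BIND='type=AVC msg=audit(1669023800.100:18600): avc: denied { name_bind } for pid=40001 comm="httpd" src=8443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1'

# avc_field LINE KEY: print the value of KEY=value (surrounding quotes removed).
avc_field() {
    printf '%s\n' "$1" |
        sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}.*/\1/p"
}

# avc_perms LINE: print the permission list found between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# avc_type LINE KEY: print the SELinux type (third field) of scontext or tcontext.
avc_type() {
    avc_field "$1" "$2" | cut -d: -f3
}

# avc_explain LINE: one-line summary of which domain was denied which action.
avc_explain() {
    perm=$(avc_perms "$1")
    case "$perm" in
        name_connect) action="outbound connect to port $(avc_field "$1" dest)" ;;
        name_bind)    action="bind/listen on port $(avc_field "$1" src)" ;;
        *)            action="permission { $perm }" ;;
    esac
    # permissive=1 means the access was logged but not actually blocked.
    if [ "$(avc_field "$1" permissive)" = "1" ]; then
        verdict="logged only"
    else
        verdict="blocked"
    fi
    printf '%s: %s (%s) %s [%s, class %s]\n' "$verdict" \
        "$(avc_type "$1" scontext)" "$(avc_field "$1" comm)" "$action" \
        "$(avc_type "$1" tcontext)" "$(avc_field "$1" tclass)"
}

avc_explain "$AVC_SAMPLE"
avc_explain "$AVC_BIND"
```

On a live host the records can be pulled with ausearch -m AVC -ts recent, and getsebool httpd_can_network_connect shows whether the boolean is currently on.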