I’m trying to access an SQLite file on a CentOS7 box using PHP and the PDO library. I was getting read-only errors just like this question – https://stackoverflow.com/questions/3319112/sqlite-read-only-database
And per that question, the answer was to disable SELinux. That’s fine for development, but for a production system I’d like to keep SELinux enabled.
How do I leave SELinux enabled, without getting read-only errors on the SQLite file?
(Note: The answers in that question that relate to it don’t seem to be CentOS 7 compatible).
By default PHP (which runs under the httpd_t domain) is not allowed to write files in most locations on the system, other than temporary directories.
You can set a specific file to be writable by changing its context to httpd_sys_rw_content_t. For example, to change the context temporarily:
chcon -t httpd_sys_rw_content_t /var/lib/myapp/database.sqlite
To make this permanent, you need to set a permanent file context matching the file, so that it will always be labeled this way. You do this with:
semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/myapp/database.sqlite
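The steps above as a shell script, added here as an example and not part of the original answer: it records the permanent rule, applies it with restorecon (a command the answer does not mention), and checks the resulting type. The function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: persist, apply and verify the httpd_sys_rw_content_t label.
# Function names and the DRY_RUN switch are assumptions of this example.
RW_TYPE=httpd_sys_rw_content_t

# semanage fcontext treats the path as a regular expression, so escape
# regex metacharacters ("." would otherwise match any character).
fcontext_regex() {
    printf '%s\n' "$1" | sed 's/[].[*+?(){}|^$\\]/\\&/g'
}

# Execute a command, or only print it when DRY_RUN=1 (the default).
# Printed commands are shown unquoted, for review rather than copy-paste.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Record the permanent file-context rule, then relabel the file from policy
# (a label set only with chcon is lost on the next relabel).
label_db() {
    run semanage fcontext -a -t "$RW_TYPE" "$(fcontext_regex "$1")"
    run restorecon -v "$1"
}

# True when a context string (user:role:type:level) carries the writable type.
is_rw_context() {
    [ "$(printf '%s\n' "$1" | cut -d: -f3)" = "$RW_TYPE" ]
}

# Check the live label of a file; stat's %C prints its SELinux context.
verify_db() {
    is_rw_context "$(stat -c %C "$1")"
}

# Dry run with the path from the answer: prints the two commands.
label_db /var/lib/myapp/database.sqlite
```

Run it with DRY_RUN=0 as root to apply the changes, then call verify_db on the file. SQLite also creates its journal file next to the database, so the containing directory may need the same writable type.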
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.