IO::Socket::INET: Permission denied???

OK, I’m putting this out there because the issue is hard to track down. I’ve been toying with Net::LDAP at work, and on a few servers I’ve run into the situation where a script using Net::LDAP works fine on the command line, but when accessed via apache, it failes with IO::Socket::INET: Permission denied.

What the heck, right??

OK, so it turns out its all SELinux’s fault. I’m not going to delve into the nuances of what you should and shouldn’t do with your SELinux config, because it s a good thing when used well, but if you find yourself scratching your head on why a CGI works fine everywhere, including the server you want to run it from, but fails to run via the webserver, check to see if SELinux is blocking you.

Thus ends today’s PSA for linux geeks.

One thought on “IO::Socket::INET: Permission denied???”

  1. Try placing SElinux into permissive mode to see which object property is disallowed/missing.
    # setenforce 0

    You can then check in:


    to see what would have triggered the process killing.

    Since you’re centos weenie:
    ^ is probably going to helpful.

    The audit2allow tool should help, too.

    At least, that’s what the recent gsec sans training tells me.

Comments are closed.