First, you need to undo the damage you inadvertently caused, then second you can fix the original problem.
This command was unnecessary and could prevent resolving the problem. The SELinux policy included with Fedora already contains the correct contexts, and this may override them with incorrect contexts, especially for the socket you are trying to access.
semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?"
Reverse its effect with:
semanage fcontext -d -t mysqld_db_t "/var/lib/mysql(/.*)?"
The file /var/lib/mysql/mysql.sock
should have the type mysqld_var_run_t
. The SELinux policy included with Fedora already has this type, but your socket didn't have this type set correctly. Either it was created while SELinux was disabled, someone created it in a different directory and moved it there, or some process created it without setting the context correctly. For instance, this might happen if MariaDB was started directly from a terminal rather than through its systemd service unit.
Whatever happened, it probably doesn't matter. If you have already fixed your configuration as above, then you can fix its context with restorecon
.
restorecon -v /var/lib/mysql/mysql.sock
Allowing your web app to talk to the database is simple enough, and you have already done it:
setsebool -P httpd_can_network_connect_db 1
Possibly optional:
Allowing the web server to make any network connections is most likely much more permissive than you really need to be. You can fix that by reversing the boolean.
setsebool -P httpd_can_network_connect 0