phpgoogle-translateselinux

Selinux preventing access to GOOGLE_APPLICATION_CREDENTIALS .json


Using Google Translate API, it appears that Selinux is preventing access to my Google credientials .json file. The selinux context was "unconfined_u:object_r:user_home_t:s0" so I tried changing it to httpd_sys_content_t using: "semanage fcontext -a -t httpd_sys_content_t [/path/filename]" and "restorecon -Rv [/path/filename]" but that didn't resolve the problem. What is the correct Selinux context setting for that file?

I'm using Rocky Linux 9, Apache version 2.4.57, and PHP 8.3.9.

PHP code (the Google Translate code uses Composer):

putenv("GOOGLE_APPLICATION_CREDENTIALS=".'/path/credentials.json');
use Google\Cloud\Translate\V2\TranslateClient;
$translate = new TranslateClient(); 

Turning off Selinux with "sudo setenforce 0" causes the above code to work. Turning Selinux back on with "sudo setenforce 1" causes it to fail with a curl error.

Thanks.


Solution

  • The solution didn't require changing permissions or the Selinux context for the file. It was related to Selinux blocking the use of Curl. So this is the fix:

    // check to see current Selinux configuration setting:

      $ getsebool httpd_can_network_connect
    
      httpd_can_network_connect --> off
    

    Since network connect is not allowed, change that and make sure Selinux is enabled:

      $ sudo setsebool -P httpd_can_network_connect on    
      $ sudo setenforce 1
    

    Google Translate API now successful communicating via Curl.