setsebool -P haproxy_connect_any 1
Hey, thanks Alexander! That did the trick.
for more information :
Thanks, Hossein! Very valuable info. Much appreciated.
Tim
On Sat, Mar 12, 2016 at 5:40 PM, Hossein Aghaie hossein.a97@gmail.com wrote:
for more information : https://www.mankier.com/8/haproxy_selinux
On Sun, Mar 13, 2016 at 2:05 AM, Alexander Dalloz ad+lists@uni-x.org wrote:
On 12.03.2016 at 23:18, Tim Dunphy wrote:
Hi all,
I'm load balancing 4 mysql databases using HAProxy. The setup seems to be working pretty well. Except I keep seeing these messages turning up in syslog:
Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket
It looks like SELinux is denying haproxy the ability to connect to the database. I haven't seen any real problems on the site that uses the database. But I was just wondering if this message looks familiar to anyone. Or if it looks like something I should try to correct.
I tried grepping through audit.log for haproxy and piping it to audit2why, but I don't get any useful response back:
[root@db1:~] #grep haproxy /var/log/audit/audit.log | audit2why -M haproxy
Nothing to do
I'm open to your thoughts and opinions!
Thanks, Tim
setsebool -P haproxy_connect_any 1
Alexander
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
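An added example, not part of any poster's message: POSIX shell functions that decode the AVC denial quoted in the thread into the denied process and its domain, the permission, and the label of the target port, the fields to check before enabling a boolean such as haproxy_connect_any. The function names are hypothetical; the sample line is copied from the original message.

```shell
#!/bin/sh
# Added example: decode the SELinux AVC denial quoted in the thread.
# SAMPLE is that syslog line, copied from the original message.
SAMPLE='Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket'

# avc_field LINE KEY: print the value of KEY=value (surrounding quotes removed).
avc_field() {
    printf '%s\n' "$1" |
        sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\"[:space:]]*\).*/\1/p"
}

# avc_perms LINE: print the denied permission(s) listed between the braces.
avc_perms() {
    printf '%s\n' "$1" |
        sed -n 's/.*avc:[[:space:]]*denied[[:space:]]*{ \(.*\) }.*/\1/p'
}

# ctx_type CONTEXT: print the type, the third field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_summary LINE: one line naming who was denied what, against which label.
# Prints nothing and returns 1 when LINE is not an AVC denial.
avc_summary() {
    perms=$(avc_perms "$1")
    [ -n "$perms" ] || return 1
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    printf '%s (%s) denied { %s } on %s:%s port=%s\n' \
        "$(avc_field "$1" comm)" "$src" "$perms" \
        "$tgt" "$(avc_field "$1" tclass)" "$(avc_field "$1" dest)"
}

avc_summary "$SAMPLE"
```

The denial in the thread was written by the kernel to syslog, so the same functions can be run over lines grepped from the syslog file.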