[CentOS] SELinux denies haproxy

Sat Mar 12 22:35:27 UTC 2016
Alexander Dalloz <ad+lists at uni-x.org>

On 12.03.2016 at 23:18, Tim Dunphy wrote:
> Hi all,
>
> I'm load balancing 4 mysql databases using HAProxy. The setup seems to be
> working pretty well. Except I keep seeing these messages turning up in
> syslog:
>
>
> Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400
> audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801
> comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0
> tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket
>
> It looks like SELinux is denying haproxy the ability to connect to the
> database. I haven't seen any real problems on the site that uses the
> database. But I was just wondering if this message looks familiar to
> anyone. Or if it looks like something I should try to correct.
>
> I tried grepping through audit.log for haproxy and piping it to audit2why,
> but I don't get any useful response back:
>
> [root@db1:~] #grep haproxy /var/log/audit/audit.log | audit2why -M haproxy
> Nothing to do
>
> I'm open to your thoughts and opinions!
>
> Thanks,
> Tim


setsebool -P haproxy_connect_any 1

Alexander
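
The denial quoted in this thread reached syslog as a kernel message, so one way to see exactly what is being denied is to summarise those records directly. The script below is an added example, not part of either message; the function names avc_summary and sample_log are hypothetical, and the sample input is constructed from the record quoted above plus one repeated line.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials by process, source domain,
# permission, object class, target type and destination port.

avc_summary() {
    awk '
    /avc:[ ]+denied/ {
        perm = ""; comm = ""; st = ""; tt = ""; cls = ""; dest = "-"
        # Denied permissions sit between braces, e.g. { name_connect }
        if (match($0, /[{][^}]*[}]/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perm)
            gsub(/ +/, ",", perm)
        }
        # The remaining fields are space-separated key=value pairs
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "comm") { gsub(/"/, "", v); comm = v }
            else if (k == "dest") dest = v
            else if (k == "tclass") cls = v
            else if (k == "scontext") { split(v, c, ":"); st = c[3] }
            else if (k == "tcontext") { split(v, c, ":"); tt = c[3] }
        }
        seen[comm " " st " " perm " " cls " " tt " " dest]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort
}

# Constructed sample: the record from the thread on one line, a repeat with a
# made-up timestamp and serial, and an unrelated syslog line.
sample_log() {
    cat <<'EOF'
Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket
Mar 12 22:11:33 db1 kernel: [6058127.101010] type=1400 audit(1457820693.101:3029130): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket
Mar 12 22:11:40 db1 sshd[1234]: Accepted publickey for root
EOF
}

# Output columns: count comm source_type perms class target_type dest_port
sample_log | avc_summary
```

The target type in the summary (interwise_port_t here) is the label the policy assigns to port 7778; `semanage port -l` lists those labels, and `getsebool haproxy_connect_any` shows whether the boolean from the reply is already set.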