[CentOS] SELinux denies haproxy

Sat Mar 12 22:40:32 UTC 2016
Hossein Aghaie <hossein.a97 at gmail.com>

For more information:
https://www.mankier.com/8/haproxy_selinux

On Sun, Mar 13, 2016 at 2:05 AM, Alexander Dalloz <ad+lists at uni-x.org>
wrote:

> On 12.03.2016 at 23:18, Tim Dunphy wrote:
>
>> Hi all,
>>
>> I'm load balancing 4 mysql databases using HAProxy. The setup seems to be
>> working pretty well. Except I keep seeing these messages turning up in
>> syslog:
>>
>>
>> Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400
>> audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801
>> comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0
>> tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket
>>
>> It looks like SELinux is denying haproxy the ability to connect to the
>> database. I haven't seen any real problems on the site that uses the
>> database. But I was just wondering if this message looks familiar to
>> anyone. Or if it looks like something I should try to correct.
>>
>> I tried grepping through audit.log for haproxy and piping it to audit2why,
>> but I don't get any useful response back:
>>
>> [root at db1:~] #grep haproxy /var/log/audit/audit.log | audit2why -M
>> haproxy
>> Nothing to do
>>
>> I'm open to your thoughts and opinions!
>>
>> Thanks,
>> Tim
>>
>
>
> setsebool -P haproxy_connect_any 1
>
> Alexander
>
>
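
An added example, not part of the original thread: a small Python parser for kernel AVC denial records like the one quoted above. It groups denials by source type, permission, class, target type and destination port, so it is clear exactly which connection is being denied before any policy change. The first sample record is the thread's (mail line wraps joined); the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Permission set and trailing key=value pairs of a kernel AVC denial record.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)", re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(record):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(record)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the type is what policy rules match on.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return fields

def summarize(records):
    """Count denials per (source type, permission, class, target type, dest)."""
    counts = Counter()
    for rec in records:
        f = parse_avc(rec)
        if f is None:
            continue  # not an AVC denial; skip
        for perm in f["perms"]:
            key = (f["scontext_type"], perm, f.get("tclass"), f["tcontext_type"], f.get("dest"))
            counts[key] += 1
    return counts

CTX = ("scontext=system_u:system_r:haproxy_t:s0 "
       "tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket")
SAMPLE = [
    # Record quoted in the thread, with the mail line wraps joined.
    "Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): "
    'avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 ' + CTX,
    # Constructed: a repeat of the same denial a few seconds later.
    "Mar 12 22:11:36 db1 kernel: [6058130.959624] type=1400 audit(1457820696.824:3029130): "
    'avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 ' + CTX,
    # Constructed: an unrelated syslog line that must be ignored.
    "Mar 12 22:11:40 db1 sshd[2210]: Accepted publickey for admin from 192.0.2.10",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```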