[CentOS] SELinux denies haproxy

Sun Mar 13 01:36:58 UTC 2016
Tim Dunphy <bluethundr at gmail.com>

>
> setsebool -P haproxy_connect_any 1


Hey, thanks Alexander! That did the trick.

> for more information :
> https://www.mankier.com/8/haproxy_selinux


Thanks, Hossein! Very valuable info. Much appreciated.

Tim

On Sat, Mar 12, 2016 at 5:40 PM, Hossein Aghaie <hossein.a97 at gmail.com>
wrote:

> for more information :
> https://www.mankier.com/8/haproxy_selinux
>
> On Sun, Mar 13, 2016 at 2:05 AM, Alexander Dalloz <ad+lists at uni-x.org>
> wrote:
>
> > Am 12.03.2016 um 23:18 schrieb Tim Dunphy:
> >
> >> Hi all,
> >>
> >> I'm load balancing 4 mysql databases using HAProxy. The setup seems to be
> >> working pretty well. Except I keep seeing these messages turning up in
> >> syslog:
> >>
> >>
> >> Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400
> >> audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801
> >> comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0
> >> tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket
> >>
> >> It looks like SELinux is denying haproxy the ability to connect to the
> >> database. I haven't seen any real problems on the site that uses the
> >> database. But I was just wondering if this message looks familiar to
> >> anyone. Or if it looks like something I should try to correct.
> >>
> >> I tried grepping through audit.log for haproxy and piping it to audit2why,
> >> but I don't get any useful response back:
> >>
> >> [root at db1:~] #grep haproxy /var/log/audit/audit.log | audit2why -M haproxy
> >> Nothing to do
> >>
> >> I'm open to your thoughts and opinions!
> >>
> >> Thanks,
> >> Tim
> >>
> >
> >
> > setsebool -P haproxy_connect_any 1
> >
> > Alexander
> >
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
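
The denial quoted in the thread, read field by field, as an added example that is not part of the original messages: a Python parser that reduces an AVC line to the single type-enforcement rule it corresponds to, which makes visible how much narrower that one rule is than the `haproxy_connect_any` boolean, which lets haproxy connect to any TCP port. The function names are hypothetical, and the sample line is the one from the thread rejoined onto one line.

```python
import re

# Constructed sample: the denial quoted in the thread, rejoined onto one line.
SAMPLE = (
    'Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 '
    'audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 '
    'comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0 '
    'tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated record: not enough to name a rule
    fields['perms'] = m.group('perms').split()
    return fields

def context_type(context):
    """Pull the type out of a user:role:type:level security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError(f'not a security context: {context!r}')
    return parts[2]

def te_rule(avc):
    """Render the one type-enforcement rule that would permit this denial."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return (f"allow {context_type(avc['scontext'])} "
            f"{context_type(avc['tcontext'])}:{avc['tclass']} {perm_text};")

def summarize(lines):
    """Map each distinct rule to the sorted destination ports that triggered it."""
    ports = {}
    for avc in filter(None, map(parse_avc, lines)):
        rule_ports = ports.setdefault(te_rule(avc), set())
        if 'dest' in avc:
            rule_ports.add(int(avc['dest']))
    return {rule: sorted(p) for rule, p in ports.items()}
```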