selinux denying haproxy connections?

About

Asked 10/3, 2016 at 12:55 Answered 12/8, 2016 at 3:28

I'm seeing these messages popping up in syslog:

Mar 10 12:51:35 db1 kernel: [5851729.958138] type=1400 audit(1457614295.823:2925931): avc:  denied  { name_connect } for  pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:interwise_port_t:s0 tclass=tcp_socket

Does this mean that SELinux is denying connections to haproxy?

Thanks

Mathilda answered 10/3, 2016 at 12:55 Comment(0)

You could try running:

setsebool -P haproxy_connect_any 1

as root to enable connection for haproxy.

Forefoot answered 12/8, 2016 at 3:28 Comment(3)

Work like a charm for me on centos 7. – Replevin 19/10, 2016 at 8:47

indeed this is the solution. fedora 25 here – Downcomer 22/1, 2017 at 1:22

one can pre/post-check the status and existence of selinux rules with: semanage boolean -l | grep haproxy – Calipash 16/1, 2023 at 12:38

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags