Actions
Bug #9407
closed
memcached plugin not working with selinux enabled
Difficulty:
easy
Triaged:
Description
The memcached plugin is not working because passenger is not allowed to connect memcache_port_t
Reproduce:- Just install the ruby193-rubygem-foreman_memcache package and configure it to localhost
- login on Foreman
- In production log: DalliError: No server available
- selinux logs: ruby system_u:system_r:passenger_t:s0 42 tcp_socket name_connect system_u:object_r:memcache_port_t:s0 denied 16180
Solutions
- setsebool -P passenger_can_connect_all=on (personally my last resort solution)
- Create a selinux module (See below)
module passenger_can_connect_memcache 1.0;
require {
type passenger_t;
type memcache_port_t;
class tcp_socket name_connect;
}
#============= passenger_t ==============
#!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
allow passenger_t memcache_port_t:tcp_socket name_connect;
Updated by Dominic Cleal almost 10 years ago
- Project changed from Foreman to SELinux
- Category changed from 56 to Plugins
Updated by The Foreman Bot almost 7 years ago
- Status changed from New to Ready For Testing
- Assignee set to Sean O'Keeffe
- Pull request https://github.com/theforeman/foreman-selinux/pull/76 added
Updated by Anonymous almost 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 128e06fec213d9e4b811f4a5c037fa3c130fac4f.
Updated by Lukas Zapletal over 6 years ago
- Translation missing: en.field_release set to 330
Updated by Lukas Zapletal over 6 years ago
- Related to Bug #9772: selinux should enable memcache plugin added
Actions