Bug #9407
memcached plugin not working with selinux enabled
Difficulty: easy
Triaged:
Description
The memcached plugin is not working because passenger is not allowed to connect to memcache_port_t.
Reproduce:
- Just install the ruby193-rubygem-foreman_memcache package and configure it to localhost
- Log in to Foreman
- In production log: DalliError: No server available
- selinux logs: ruby system_u:system_r:passenger_t:s0 42 tcp_socket name_connect system_u:object_r:memcache_port_t:s0 denied 16180
Solutions
- setsebool -P passenger_can_connect_all=on (personally my last resort solution)
- Create a selinux module (See below)
    module passenger_can_connect_memcache 1.0;

    require {
        type passenger_t;
        type memcache_port_t;
        class tcp_socket name_connect;
    }

    #============= passenger_t ==============
    #!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
    allow passenger_t memcache_port_t:tcp_socket name_connect;
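Added example (not part of the original report or of foreman-selinux): a shell script that derives the narrow allow rule from the denial line quoted above and builds a loadable module from it, the alternative to switching on passenger_can_connect_all. It assumes the field order of that line (command, subject context, syscall, class, permission, object context, result, event); the function names are hypothetical, and the install step needs checkmodule, semodule_package and semodule, run as root.

```shell
#!/bin/sh
# Constructed sample: the denial line quoted in the report above.
SAMPLE='ruby system_u:system_r:passenger_t:s0 42 tcp_socket name_connect system_u:object_r:memcache_port_t:s0 denied 16180'

# Extract the SELinux type (third field) from a user:role:type:level context.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Emit a type-enforcement module for one denial line (assumed field order:
# comm, subject context, syscall, class, permission, object context, result, event).
te_from_denial() {
    mod=$1; line=$2
    set -f; set -- $line; set +f   # split on whitespace, no globbing
    [ "$#" -ge 7 ] && [ "$7" = "denied" ] || { echo "not a denial: $line" >&2; return 1; }
    src=$(ctx_type "$2"); cls=$4; perm=$5; tgt=$(ctx_type "$6")
    # Accept plain identifiers only, so nothing else can reach the policy source.
    for v in "$mod" "$src" "$cls" "$perm" "$tgt"; do
        case $v in ''|*[!A-Za-z0-9_]*) echo "unexpected token: $v" >&2; return 1;; esac
    done
    cat <<EOF
module $mod 1.0;

require {
    type $src;
    type $tgt;
    class $cls $perm;
}

allow $src $tgt:$cls $perm;
EOF
}

# Compile and load $1.te (needs checkmodule, semodule_package, semodule; run as root).
install_module() {
    checkmodule -M -m -o "$1.mod" "$1.te" &&
    semodule_package -o "$1.pp" -m "$1.mod" &&
    semodule -i "$1.pp"
}

# No argument: print the generated module. "install": write, compile and load it.
MOD=passenger_can_connect_memcache
if [ "${1:-}" = "install" ]; then
    te_from_denial "$MOD" "$SAMPLE" > "$MOD.te" && install_module "$MOD"
else
    te_from_denial "$MOD" "$SAMPLE"
fi
```

The generated rule grants passenger_t only name_connect on memcache_port_t, whereas the boolean opens outbound connections to every port type.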
Related issues
Associated revisions
History
#1
Updated by Dominic Cleal about 8 years ago
- Project changed from Foreman to SELinux
- Category changed from 56 to Plugins
#2
Updated by The Foreman Bot about 5 years ago
- Assignee set to Sean O'Keeffe
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-selinux/pull/76 added
#3
Updated by Anonymous about 5 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 128e06fec213d9e4b811f4a5c037fa3c130fac4f.
#4
Updated by Lukas Zapletal almost 5 years ago
- Legacy Backlogs Release (now unused) set to 330
#5
Updated by Lukas Zapletal almost 5 years ago
- Related to Bug #9772: selinux should enable memcache plugin added
#6
Updated by Anonymous over 4 years ago
- Target version deleted (1.18.0)
Fixes #9407 - add Foreman Memcache support