SELinux is blocking keepalived scripts
Issue
- Unable to run keepalived scripts with SELinux in Enforcing mode.
- SELinux AVC messages similar to the following are logged in /var/log/audit/audit.log:
type=AVC msg=audit(1546871807.096:14299028): avc: denied { getattr } for pid=87919 comm="pidof" path="/usr/sbin/haproxy-systemd-wrapper" dev="dm-0" ino=2297156 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:haproxy_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(01/21/2019 09:26:37.548:5455867) : avc: denied { getattr } for pid=20569 comm=pidof path=/usr/libexec/postfix/pickup dev="dm-0" ino=406383 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:postfix_pickup_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1548773332.351:1343): avc: denied { signull } for pid=15336 comm="killall" scontext=system_u:system_r:keepalived_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process permissive=0
Environment
- Red Hat Enterprise Linux 7
- keepalived
- SELinux in Enforcing mode