Tzafrir Cohen
2017-Mar-15 08:28 UTC
[asterisk-users] Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look elsewhere. > > <editorial>It seems that a lot of things do not work with Selinux or have > no instructions about how to make them work with Selinux that it almost > seems like a useless feature.</editorial>Many things work well, once properly configured. Looking at the exact error (again, audit.log) is the first step. Once upon a time Asterisk used to be able to run with SELinux: https://issues.asterisk.org/jira/browse/ASTERISK-3088 The problem may be missing a profile for Asterisk. Or the fact that it interacts too much with other services? I'll have to give it a shot. At least for a stand-alone Asterisk. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.cohen at xorcom.com +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com
Dan Cropp
2017-Mar-15 14:55 UTC
[asterisk-users] Having problem getting Asterisk to work on CentOS 7
Here is the audit.log.
Does this indicate a problem with accessing the astdb.sqlite3 file?
Permissions for this file are...
[root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3
-rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3
[root at localhost ~]# tail -f /var/log/audit/audit.log
type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838
comm="asterisk" name="astdb.sqlite3" dev="dm-0"
ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no
exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844
comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.432:1172): arch=c000003e syscall=4 success=no
exit=-13 a0=7ffec8193380 a1=7ffec81933c0 a2=7ffec81933c0 a3=8913bc items=0
ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588777.435:1173): avc: denied { getattr } for pid=3844
comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1173): arch=c000003e syscall=4 success=no
exit=-13 a0=26a1240 a1=7ffec8192cd0 a2=7ffec8192cd0 a3=7ffec81929f0 items=0
ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588777.435:1174): avc: denied { read write } for
pid=3844 comm="asterisk" name="astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no
exit=-13 a0=26a1240 a1=80042 a2=1a4 a3=7ffec8192920 items=0 ppid=1485 pid=3844
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588777.435:1175): avc: denied { read } for pid=3844
comm="asterisk" name="astdb.sqlite3" dev="dm-0"
ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1175): arch=c000003e syscall=2 success=no
exit=-13 a0=26a1240 a1=80000 a2=1a4 a3=26a1240 items=0 ppid=1485 pid=3844
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588781.629:1176): avc: denied { getattr } for pid=3851
comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.629:1176): arch=c000003e syscall=4 success=no
exit=-13 a0=7ffffa251e80 a1=7ffffa251ec0 a2=7ffffa251ec0 a3=8913bc items=0
ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588781.633:1177): avc: denied { getattr } for pid=3851
comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.633:1177): arch=c000003e syscall=4 success=no
exit=-13 a0=27cf470 a1=7ffffa2517d0 a2=7ffffa2517d0 a3=7ffffa2514f0 items=0
ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588781.633:1178): avc: denied { read write } for
pid=3851 comm="asterisk" name="astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.633:1178): arch=c000003e syscall=2 success=no
exit=-13 a0=27cf470 a1=80042 a2=1a4 a3=7ffffa251420 items=0 ppid=1485 pid=3851
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588781.633:1179): avc: denied { read } for pid=3851
comm="asterisk" name="astdb.sqlite3" dev="dm-0"
ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.633:1179): arch=c000003e syscall=2 success=no
exit=-13 a0=27cf470 a1=80000 a2=1a4 a3=27cf470 items=0 ppid=1485 pid=3851
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588785.830:1180): avc: denied { getattr } for pid=3857
comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.830:1180): arch=c000003e syscall=4 success=no
exit=-13 a0=7ffd6605ff40 a1=7ffd6605ff80 a2=7ffd6605ff80 a3=8913bc items=0
ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588785.834:1181): avc: denied { getattr } for pid=3857
comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.834:1181): arch=c000003e syscall=4 success=no
exit=-13 a0=1be0de0 a1=7ffd6605f890 a2=7ffd6605f890 a3=7ffd6605f5b0 items=0
ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588785.834:1182): avc: denied { read write } for
pid=3857 comm="asterisk" name="astdb.sqlite3"
dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.834:1182): arch=c000003e syscall=2 success=no
exit=-13 a0=1be0de0 a1=80042 a2=1a4 a3=7ffd6605f4e0 items=0 ppid=1485 pid=3857
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
type=AVC msg=audit(1489588785.834:1183): avc: denied { read } for pid=3857
comm="asterisk" name="astdb.sqlite3" dev="dm-0"
ino=100884225 scontext=system_u:system_r:asterisk_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.834:1183): arch=c000003e syscall=2 success=no
exit=-13 a0=1be0de0 a1=80000 a2=1a4 a3=1be0de0 items=0 ppid=1485 pid=3857
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="asterisk"
exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0
key=(null)
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces
at lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Wednesday, March 15, 2017 3:29 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS
7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler
wrote:> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_
> Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_D
> isabling_SELinux.html
>
> If disabling Selinux solves your problem, then your problem may be
> related to Selinux.
> If it does not change yout problem, you may want to look elsewhere.
>
> <editorial>It seems that a lot of things do not work with Selinux or
> have no instructions about how to make them work with Selinux that it
> almost seems like a useless feature.</editorial>
Many things work well, once properly configured. Looking at the exact error
(again, audit.log) is the first step.
Once upon a time Asterisk used to be able to run with SELinux:
https://issues.asterisk.org/jira/browse/ASTERISK-3088
The problem may be missing a profile for Asterisk.
Or the fact that it interacts too much with other services? I'll have to
give it a shot. At least for a stand-alone Asterisk.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Ron Wheeler
2017-Mar-15 15:14 UTC
[asterisk-users] Having problem getting Asterisk to work on CentOS 7
What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it. From your Asterisk console, |CLI> core show help database| should give you a list of commands that you can try. |database show -- Shows database contents database showkey -- Shows database contents| would seem to let you know if you have a database that works. Never had to do this but it seems an easy way to test your database connection. Do you have webmin installed on your Centos7 box. I find that this is a handy web/graphical interface to Centos7. On 15/03/2017 10:55 AM, Dan Cropp wrote:> Here is the audit.log. > Does this indicate a problem with accessing the astdb.sqlite3 file? > > Permissions for this file are... > [root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3 > -rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3 > > > [root at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.432:1172): arch=c000003e syscall=4 success=no exit=-13 a0=7ffec8193380 a1=7ffec81933c0 a2=7ffec81933c0 a3=8913bc items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.435:1173): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.435:1173): arch=c000003e syscall=4 success=no exit=-13 a0=26a1240 a1=7ffec8192cd0 a2=7ffec8192cd0 a3=7ffec81929f0 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.435:1174): avc: denied { read write } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80042 a2=1a4 a3=7ffec8192920 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.435:1175): avc: denied { read } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.435:1175): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80000 a2=1a4 a3=26a1240 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.629:1176): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.629:1176): arch=c000003e syscall=4 success=no exit=-13 a0=7ffffa251e80 a1=7ffffa251ec0 a2=7ffffa251ec0 a3=8913bc items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.633:1177): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.633:1177): arch=c000003e syscall=4 success=no exit=-13 a0=27cf470 a1=7ffffa2517d0 a2=7ffffa2517d0 a3=7ffffa2514f0 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.633:1178): avc: denied { read write } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.633:1178): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80042 a2=1a4 a3=7ffffa251420 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.633:1179): avc: denied { read } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.633:1179): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80000 a2=1a4 a3=27cf470 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.830:1180): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.830:1180): arch=c000003e syscall=4 success=no exit=-13 a0=7ffd6605ff40 a1=7ffd6605ff80 a2=7ffd6605ff80 a3=8913bc items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.834:1181): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.834:1181): arch=c000003e syscall=4 success=no exit=-13 a0=1be0de0 a1=7ffd6605f890 a2=7ffd6605f890 a3=7ffd6605f5b0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.834:1182): avc: denied { read write } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.834:1182): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80042 a2=1a4 a3=7ffd6605f4e0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.834:1183): avc: denied { read } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.834:1183): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80000 a2=1a4 a3=1be0de0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > > > -----Original Message----- > From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen > Sent: Wednesday, March 15, 2017 3:29 AM > To: asterisk-users at lists.digium.com > Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7 > > On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: >> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_ >> Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_D >> isabling_SELinux.html >> >> If disabling Selinux solves your problem, then your problem may be >> related to Selinux. >> If it does not change yout problem, you may want to look elsewhere. >> >> <editorial>It seems that a lot of things do not work with Selinux or >> have no instructions about how to make them work with Selinux that it >> almost seems like a useless feature.</editorial> > Many things work well, once properly configured. Looking at the exact error (again, audit.log) is the first step. > > Once upon a time Asterisk used to be able to run with SELinux: > https://issues.asterisk.org/jira/browse/ASTERISK-3088 > > The problem may be missing a profile for Asterisk. > > Or the fact that it interacts too much with other services? I'll have to give it a shot. At least for a stand-alone Asterisk. >-- Ron Wheeler President Artifact Software Inc email: rwheeler at artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170315/04920156/attachment.html>