Ron Wheeler
2017-Mar-15 15:14 UTC
[asterisk-users] Having problem getting Asterisk to work on CentOS 7
What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it. From your Asterisk console, |CLI> core show help database| should give you a list of commands that you can try. |database show -- Shows database contents database showkey -- Shows database contents| would seem to let you know if you have a database that works. Never had to do this but it seems an easy way to test your database connection. Do you have webmin installed on your Centos7 box. I find that this is a handy web/graphical interface to Centos7. On 15/03/2017 10:55 AM, Dan Cropp wrote:> Here is the audit.log. > Does this indicate a problem with accessing the astdb.sqlite3 file? > > Permissions for this file are... > [root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3 > -rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3 > > > [root at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.432:1172): arch=c000003e syscall=4 success=no exit=-13 a0=7ffec8193380 a1=7ffec81933c0 a2=7ffec81933c0 a3=8913bc items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.435:1173): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.435:1173): arch=c000003e syscall=4 success=no exit=-13 a0=26a1240 a1=7ffec8192cd0 a2=7ffec8192cd0 a3=7ffec81929f0 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.435:1174): avc: denied { read write } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80042 a2=1a4 a3=7ffec8192920 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.435:1175): avc: denied { read } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588777.435:1175): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80000 a2=1a4 a3=26a1240 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.629:1176): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.629:1176): arch=c000003e syscall=4 success=no exit=-13 a0=7ffffa251e80 a1=7ffffa251ec0 a2=7ffffa251ec0 a3=8913bc items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.633:1177): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.633:1177): arch=c000003e syscall=4 success=no exit=-13 a0=27cf470 a1=7ffffa2517d0 a2=7ffffa2517d0 a3=7ffffa2514f0 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.633:1178): avc: denied { read write } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.633:1178): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80042 a2=1a4 a3=7ffffa251420 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588781.633:1179): avc: denied { read } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588781.633:1179): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80000 a2=1a4 a3=27cf470 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.830:1180): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.830:1180): arch=c000003e syscall=4 success=no exit=-13 a0=7ffd6605ff40 a1=7ffd6605ff80 a2=7ffd6605ff80 a3=8913bc items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.834:1181): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.834:1181): arch=c000003e syscall=4 success=no exit=-13 a0=1be0de0 a1=7ffd6605f890 a2=7ffd6605f890 a3=7ffd6605f5b0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.834:1182): avc: denied { read write } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.834:1182): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80042 a2=1a4 a3=7ffd6605f4e0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588785.834:1183): avc: denied { read } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588785.834:1183): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80000 a2=1a4 a3=1be0de0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > > > -----Original Message----- > From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen > Sent: Wednesday, March 15, 2017 3:29 AM > To: asterisk-users at lists.digium.com > Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7 > > On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: >> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_ >> Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_D >> isabling_SELinux.html >> >> If disabling Selinux solves your problem, then your problem may be >> related to Selinux. >> If it does not change yout problem, you may want to look elsewhere. >> >> <editorial>It seems that a lot of things do not work with Selinux or >> have no instructions about how to make them work with Selinux that it >> almost seems like a useless feature.</editorial> > Many things work well, once properly configured. Looking at the exact error (again, audit.log) is the first step. > > Once upon a time Asterisk used to be able to run with SELinux: > https://issues.asterisk.org/jira/browse/ASTERISK-3088 > > The problem may be missing a profile for Asterisk. > > Or the fact that it interacts too much with other services? I'll have to give it a shot. At least for a stand-alone Asterisk. >-- Ron Wheeler President Artifact Software Inc email: rwheeler at artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170315/04920156/attachment.html>
Dan Cropp
2017-Mar-15 15:52 UTC
[asterisk-users] Having problem getting Asterisk to work on CentOS 7
Some background to make sure this is the right track. SELINUX does seem to be the problem on startup. The audit.log I provided is what is happening prior to executing 'setenforce 0' Looking at astdb.sqlite3, there is only one table astdb. It has one record, which contains a key and value pair. Key is /pbx/UUID Value ..... Trying to understand where I should be focusing my efforts for the first problem of it not starting after a restart. Is sqlite3 and the astdb.sqlite3 errors from the audit.log the place I should be looking into? Or is the SELINUX issue the correct place for me to be looking? Seems to startup if I run the 'setenforce 0' (or change SELINUX setting). Or would it be best for me to be looking into using systemd based on possible problems with safe_asterisk? From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Ron Wheeler Sent: Wednesday, March 15, 2017 10:14 AM To: asterisk-users at lists.digium.com Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7 What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it.>From your Asterisk console,CLI> core show help database should give you a list of commands that you can try. database show -- Shows database contents database showkey -- Shows database contents would seem to let you know if you have a database that works. Never had to do this but it seems an easy way to test your database connection. Do you have webmin installed on your Centos7 box. I find that this is a handy web/graphical interface to Centos7. On 15/03/2017 10:55 AM, Dan Cropp wrote: Here is the audit.log. Does this indicate a problem with accessing the astdb.sqlite3 file? Permissions for this file are... [root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3 -rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3 [root at localhost ~]# tail -f /var/log/audit/audit.log type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588777.432:1172): arch=c000003e syscall=4 success=no exit=-13 a0=7ffec8193380 a1=7ffec81933c0 a2=7ffec81933c0 a3=8913bc items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588777.435:1173): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588777.435:1173): arch=c000003e syscall=4 success=no exit=-13 a0=26a1240 a1=7ffec8192cd0 a2=7ffec8192cd0 a3=7ffec81929f0 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588777.435:1174): avc: denied { read write } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80042 a2=1a4 a3=7ffec8192920 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588777.435:1175): avc: denied { read } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588777.435:1175): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80000 a2=1a4 a3=26a1240 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588781.629:1176): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588781.629:1176): arch=c000003e syscall=4 success=no exit=-13 a0=7ffffa251e80 a1=7ffffa251ec0 a2=7ffffa251ec0 a3=8913bc items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588781.633:1177): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588781.633:1177): arch=c000003e syscall=4 success=no exit=-13 a0=27cf470 a1=7ffffa2517d0 a2=7ffffa2517d0 a3=7ffffa2514f0 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588781.633:1178): avc: denied { read write } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588781.633:1178): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80042 a2=1a4 a3=7ffffa251420 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588781.633:1179): avc: denied { read } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588781.633:1179): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80000 a2=1a4 a3=27cf470 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588785.830:1180): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588785.830:1180): arch=c000003e syscall=4 success=no exit=-13 a0=7ffd6605ff40 a1=7ffd6605ff80 a2=7ffd6605ff80 a3=8913bc items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588785.834:1181): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588785.834:1181): arch=c000003e syscall=4 success=no exit=-13 a0=1be0de0 a1=7ffd6605f890 a2=7ffd6605f890 a3=7ffd6605f5b0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588785.834:1182): avc: denied { read write } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588785.834:1182): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80042 a2=1a4 a3=7ffd6605f4e0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) type=AVC msg=audit(1489588785.834:1183): avc: denied { read } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1489588785.834:1183): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80000 a2=1a4 a3=1be0de0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) -----Original Message----- From: asterisk-users-bounces at lists.digium.com<mailto:asterisk-users-bounces at lists.digium.com> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen Sent: Wednesday, March 15, 2017 3:29 AM To: asterisk-users at lists.digium.com<mailto:asterisk-users at lists.digium.com> Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7 On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_ Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_D isabling_SELinux.html If disabling Selinux solves your problem, then your problem may be related to Selinux. If it does not change yout problem, you may want to look elsewhere. <editorial>It seems that a lot of things do not work with Selinux or have no instructions about how to make them work with Selinux that it almost seems like a useless feature.</editorial> Many things work well, once properly configured. Looking at the exact error (again, audit.log) is the first step. Once upon a time Asterisk used to be able to run with SELinux: https://issues.asterisk.org/jira/browse/ASTERISK-3088 The problem may be missing a profile for Asterisk. Or the fact that it interacts too much with other services? I'll have to give it a shot. At least for a stand-alone Asterisk. -- Ron Wheeler President Artifact Software Inc email: rwheeler at artifact-software.com<mailto:rwheeler at artifact-software.com> skype: ronaldmwheeler phone: 866-970-2435, ext 102 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170315/76f173ca/attachment.html>
Telium Technical Support
2017-Mar-15 16:08 UTC
[asterisk-users] Having problem getting Asterisk to work on CentOS 7
The history of the question is lost (in the mail thread) so I'll jump in based on what I could see in my recent mail and the subject line: - The ASTDB should have no impact on Asterisk service start (which I assume is the problem given the subject line) - If you disabled SElinux then that's not the problem in starting asterisk>From another posting it appears that you can start Asterisk from the binary,and from safe_asterisk. If that's correct, then are you able to start/stop Asterisk from the service file? With CentOS7 that would be: systemctl start asterisk Is your asterisk service file present? (You can create one easily based on samples on the internet). If you have an asterisk service file but startup fails post the relevant portion of your syslog (journalctl). If your question has changed (you mentioned 'the first problem') then ignore the above; jumping in late. *Jason* -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170315/7f1283a0/attachment-0001.html>