Fix TCP HMs on UDP pools with SELinux
SELinux denied some specific TCP ports when using TCP-based HMs in UDP pools (keepalived). Enable a SELinux boolean keepalived_connect_any which allows keepalived to connect to any port.

Closes-Bug: #2023751
Change-Id: Ie611ba9fde7b399989d847dd0c61dd3a158652bc
(cherry picked from commit 294bd406f3)
(cherry picked from commit c0ceebebbf)
(cherry picked from commit 4d52ce9c5c)
(cherry picked from commit da9dc1230e)
parent
f395d378eb
commit
3f1dc2012d
@ -17,3 +17,6 @@ enable_selinux_bool () {
|
||||
enable_selinux_bool os_haproxy_enable_nsfs
|
||||
enable_selinux_bool os_haproxy_ping
|
||||
enable_selinux_bool cluster_use_execmem
|
||||
# Allows keepalived to connect to any ports (required by TCP-based HMs on UDP
|
||||
# pools)
|
||||
enable_selinux_bool keepalived_connect_any
|
||||
|
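Review bot: The new comment above `enable_selinux_bool keepalived_connect_any` says why the boolean is needed but not what it costs: it lifts the port restriction on keepalived's outbound connections entirely, not only for the health-monitor ports that were being denied. Please say in the comment that this is a deliberate widening of the keepalived policy and why a narrower option (labelling only the monitored ports) is not workable here, so a later hardening pass does not remove it or copy the pattern without that context. Since this change is cherry-picked across several branches, also confirm that `enable_selinux_bool` behaves acceptably on an image whose policy does not define `keepalived_connect_any`; the visible lines do not show how a missing boolean is handled. Minor: "any ports" should read "any port", matching the commit message.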
@ -0,0 +1,7 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixed an SELinux issues with TCP-based health-monitor on UDP pools, some
|
||||
specific monitoring ports were denied by SELinux. The Amphora image now
|
||||
enables the ``keepalived_connect_any`` SELinux boolean that allows
|
||||
connections to any ports.
|
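Review bot: The release note's first sentence has a number mismatch and a comma splice ("Fixed an SELinux issues with TCP-based health-monitor on UDP pools, some specific monitoring ports were denied by SELinux"); suggest "Fixed an SELinux issue with TCP-based health monitors on UDP pools: some specific monitoring ports were denied by SELinux." The note also says "The Amphora image now enables" the boolean, which means the fix only reaches amphorae built from a new image; stating that explicitly, for example in an `upgrade:` entry, would tell operators what they need to do. It is also worth one sentence noting that the boolean allows keepalived connections to any port, so operators reviewing the image's SELinux posture see the change in scope.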