Merge "Fix TCP HMs on UDP pools with SELinux"

2023-06-22 18:54:13 +00:00 · 2023-06-22 18:54:13 +00:00 · c2a1aebd35
parent 41366dcd73 294bd406f3
commit c2a1aebd35
2 changed files with 10 additions and 0 deletions
--- a/elements/amphora-selinux/post-install.d/50-selinux-policies
+++ b/elements/amphora-selinux/post-install.d/50-selinux-policies
@ -17,3 +17,6 @@ enable_selinux_bool () {
 enable_selinux_bool os_haproxy_enable_nsfs
 enable_selinux_bool os_haproxy_ping
 enable_selinux_bool cluster_use_execmem
+# Allows keepalived to connect to any ports (required by TCP-based HMs on UDP
+# pools)
+enable_selinux_bool keepalived_connect_any
--- a/releasenotes/notes/fix-selinux-tcp-hm-on-udp-pools-89c3b8db89e359ba.yaml
+++ b/releasenotes/notes/fix-selinux-tcp-hm-on-udp-pools-89c3b8db89e359ba.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixed an SELinux issues with TCP-based health-monitor on UDP pools, some
+    specific monitoring ports were denied by SELinux. The Amphora image now
+    enables the ``keepalived_connect_any`` SELinux boolean that allows
+    connections to any ports.