9922248a89
By default, SELinux prevents HAProxy context (haproxy_t) to execute
shell context (shell_exec_t) for security reasons.
This prevents HAProxy to actually reload properly, since SELinux will
deny its call to a shell to save its state to a file.
In order to avoid opening a potential security hole in the load-balancer
image, the best way is to generate the state file before the actual
reload.
There are more details about the SELinux denials in the associated Red
Hat Bugzilla.
Conflicts:
octavia/amphorae/backends/utils/haproxy_query.py
Fixed in this backport:
- A compatibility issue with Python 2.7
(open() didn't have an encoding kwarg)
- save_state() tried to use Exception().output, which in general
causes an AttributeError
Resolves: rhbz#2073491
Change-Id: I6b9a5e1e3bafe77ad9f9506b8c0995d8c2a00081
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| amphorae | ||
| api | ||
| db | ||
| __init__.py | ||