294bd406f3
SELinux denied some specific TCP ports when using TCP-based HMs in UDP pools (keepalived). Enable a SELinux boolean keepalived_connect_any which allows keepalived to connect to any port. Closes-Bug: #2023751 Change-Id: Ie611ba9fde7b399989d847dd0c61dd3a158652bc
23 lines
530 B
Bash
Executable File
23 lines
530 B
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
enable_selinux_bool () {
|
|
policy=$1
|
|
if semanage boolean -l | grep $policy; then
|
|
echo "Enabling $policy SELinux policy"
|
|
semanage boolean -N -m --on $policy
|
|
fi
|
|
}
|
|
|
|
enable_selinux_bool os_haproxy_enable_nsfs
|
|
enable_selinux_bool os_haproxy_ping
|
|
enable_selinux_bool cluster_use_execmem
|
|
# Allows keepalived to connect to any ports (required by TCP-based HMs on UDP
|
|
# pools)
|
|
enable_selinux_bool keepalived_connect_any
|