
LVS/piranha is set up and I am trying to get it to balance https instead of http. I set up https testing with wget (idea from this link). It works when I do it at the command prompt. With SELinux enforcing, the wget fails to run due to the lack of access to /dev/random. (Error: "Could not seed PRNG; consider using --random-file. Disabling SSL due to encountered errors.")

wget runs as system_u:system_r:piranha_lvs_t:s0 but the file/device /dev/random has system_u:object_r:random_device_t:s0. Also, wget is trying to getattr and read.

How do you allow wget to use /dev/random so it will do ssl?

J Hoskins

1 Answer

  1. Ran audit2allow on the logs to find out what needed to be changed.
  2. To get audit2allow, you need to install setroubleshoot via yum, at least on CentOS.
  3. When I ran it, audit2allow said that piranha_lvs_t needed access to random_device_t:chr_file, both read and getattr.
  4. audit2allow also said that the boolean global_ssp would solve the problem, i.e. setsebool global_ssp on

PS: yes, I am answering my own question.
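
The step in the answer where audit2allow reports what piranha_lvs_t needs can be reproduced by hand. This is an added example, not code from the original post or from audit2allow itself: it parses AVC denial records and groups the denied permissions into allow rules. The log lines are constructed (pids, inodes and timestamps are made up; only the two contexts come from the question), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed AVC records modelled on the denial described in the question
# (pid, inode and timestamps are made up; the contexts come from the page).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1300000000.101:41): avc:  denied  { read } for  pid=4242 comm="wget" name="random" dev=tmpfs ino=1001 scontext=system_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1300000000.102:42): avc:  denied  { getattr } for  pid=4242 comm="wget" path="/dev/random" dev=tmpfs ino=1001 scontext=system_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1300000000.103:43): avc:  granted  { read } for  pid=4242 comm="wget" scontext=system_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1300000000.102:42): arch=c000003e syscall=4 success=no exit=-13 comm="wget"
"""

# Matches only denials; captures the permission set, both contexts and the class.
AVC_DENIED = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denied_rules(log_text, comm=None):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL and other record types carry no permission set
        if comm is not None and f'comm="{comm}"' not in line:
            continue
        m = AVC_DENIED.search(line)
        if m is None:
            continue  # granted records or lines that do not parse
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(grouped.items())
    ]

if __name__ == "__main__":
    for rule in denied_rules(SAMPLE_AUDIT_LOG, comm="wget"):
        print(rule)
```

A rule scoped like this grants only the two denied permissions to piranha_lvs_t, whereas a boolean changes policy for every domain the boolean covers.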