[asterisk-bugs] [JIRA] (ASTERISK-28770) res_pjsip: AVC denial with default SELinux setup on CentOS 7
Corey Farrell (JIRA)
noreply at issues.asterisk.org
Thu Mar 5 11:34:25 CST 2020
Corey Farrell created ASTERISK-28770:
----------------------------------------
Summary: res_pjsip: AVC denial with default SELinux setup on CentOS 7
Key: ASTERISK-28770
URL: https://issues.asterisk.org/jira/browse/ASTERISK-28770
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_pjsip
Affects Versions: 13.31.0
Environment: Linux 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Reporter: Corey Farrell
Severity: Minor
When starting Asterisk under CentOS 7 I get the following audit log message:
{noformat}
type=AVC msg=audit(1583334492.502:2469): avc: denied { search } for pid=28909 comm="asterisk" name="net" dev="proc" ino=1405 scontext=system_u:system_r:asterisk_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0
{noformat}
I have isolated this to res_pjsip.so by setting {{autoload=no}} and loading modules one at a time. Unknown when this problem started; 13.31.0 is the first version where I've tried chan_pjsip. I haven't noticed any problems caused by the AVC denial, though I'm positive many features of chan_pjsip are going unused in my deployment.
Asterisk is being executed by systemd:
{code:none}
[Unit]
Description=Asterisk PBX and telephony daemon.
After=network.target
[Service]
Type=simple
Environment=HOME=/var/lib/asterisk
WorkingDirectory=/var/lib/asterisk
User=asterisk
Group=asterisk
ExecStart=/usr/sbin/asterisk -mqf -C /etc/asterisk/asterisk.conf
ExecStop=/usr/sbin/asterisk -rx 'core stop now'
ExecReload=/usr/sbin/asterisk -rx 'core reload'
LimitCORE=infinity
StandardOutput=null
PrivateTmp=true
[Install]
WantedBy=multi-user.target
{code}
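The following is an added triage example, not part of the original report and not Asterisk project code: it parses AVC records like the one quoted above and groups enforced denials by source type, target type and object class. The function names are this example's own, and the second sample line is constructed to show that permissive-mode records are filtered out.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\):\s+'
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# First line is the record from the report; second is constructed sample data.
PAGE_LINE = ('type=AVC msg=audit(1583334492.502:2469): avc: denied { search } '
             'for pid=28909 comm="asterisk" name="net" dev="proc" ino=1405 '
             'scontext=system_u:system_r:asterisk_t:s0 '
             'tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0')
CONSTRUCTED_LINE = ('type=AVC msg=audit(1583334500.100:2470): avc:  denied  '
                    '{ read open } for  pid=1234 comm="exampled" '
                    'name="example.conf" dev="dm-0" ino=42 '
                    'scontext=system_u:system_r:example_t:s0 '
                    'tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1')
SAMPLE = [PAGE_LINE, CONSTRUCTED_LINE, 'type=SYSCALL msg=audit(1.0:1): unrelated']

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time'] = datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc)
    # A context is user:role:type:level; the type is what policy rules refer to.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    # permissive=0 means the access was actually blocked, not just logged.
    rec['enforced'] = rec.get('permissive') == '0'
    return rec

def summarise(lines):
    """Group enforced denials as (source type, target type, class) -> perms."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        if rec['enforced']:
            key = (rec['source_type'], rec['target_type'], rec['tclass'])
            groups[key].update(rec['perms'])
    return {key: sorted(perms) for key, perms in groups.items()}

if __name__ == '__main__':
    for (src, tgt, cls), perms in summarise(SAMPLE).items():
        print(f'{src} blocked on {tgt}:{cls} for {{ {" ".join(perms)} }}')
```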