[asterisk-users] Asterisk installation script on CentOS7 with systemd [SOLVED]
jean.aunis at prescom.fr
Mon Dec 19 10:58:28 CST 2016
Le 19/12/2016 à 17:10, Olivier a écrit :
> 2016-12-19 16:11 GMT+01:00 Jean Aunis <jean.aunis at prescom.fr
> <mailto:jean.aunis at prescom.fr>>:
> Le 19/12/2016 à 15:54, Olivier a écrit :
>> Running systemctl start asterisk fails with :
>> Dec 19 15:43:08 foobar systemd: PID file
>> /var/run/asterisk/asterisk.pid not readable (yet?) after start.
>> Dec 19 15:43:09 foobar systemd: asterisk.service: main process
>> exited, code=exited, status=1/FAILURE
>> Dec 19 15:43:09 foobar asterisk: Unable to connect to remote
>> asterisk (does /var/run/asterisk/asterisk.ctl exist?)
>> Dec 19 15:43:09 foobar systemd: asterisk.service: control process
>> exited, code=exited status=1
>> Dec 19 15:43:09 foobar systemd: Unit asterisk.service entered
>> failed state.
>> Dec 19 15:43:09 foobar systemd: asterisk.service failed.
>> But /usr/sbin/asterisk -vvvgF -U asterisk -G asterisk -C
>> /etc/asterisk/asterisk.conf succeeds:
>> # rasterisk
>> Asterisk 13.13.1, Copyright (C) 1999 - 2014, Digium, Inc. and others.
>> Running as user 'asterisk'
>> Running under group 'asterisk'
>> Connected to Asterisk 13.13.1 currently running on ...
>> Any hint or help on how to debug this ?
>> (I tried with and without any /run/asterisk directory owned by
>> Best regards
> Make sure that selinux is disabled, or in "permissive" mode.
> Otherwise it will prevent asterisk from starting.
> Thanks for the tip:
> changing to permissive mode made it !
> Using methods suggested in , do you think its possible and worth
> the effort to configure SELinux to work with Asterisk/Systemd in
> Enforcing mode ?
> A quick look in various tuto all disable SELinux.
>  https://wiki.centos.org/HowTos/SELinux
I never spent time to figure out how selinux should be configured for
Asterisk, but it is certainly possible to do something clean about that.
I noticed that, when I install Asterisk with a custom-made RPM package,
SELinux will stop blocking it. I guess RPM has some magic embedded into
it to configure SELinux with the proper rules.
Still, is it worth the effort ? Probably not if you consider Asterisk
alone : as it is running with the unprivileged user asterisk, the
standard Linux permissions will protect your system if Asterisk is attacked.
But considering your system as a whole, disabling selinux may not be a
good idea : other processes may required to be secured with the selinux
I'm not an IT security expert, so please consider what I wrote above
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-users