[asterisk-users] Having problem getting Asterisk to work on CentOS 7
Dan Cropp
dan at amtelco.com
Wed Mar 15 09:55:34 CDT 2017
Here is the audit.log.
Does this indicate a problem with accessing the astdb.sqlite3 file?
Permissions for this file are...
[root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3
-rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3
[root at localhost ~]# tail -f /var/log/audit/audit.log
type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.432:1172): arch=c000003e syscall=4 success=no exit=-13 a0=7ffec8193380 a1=7ffec81933c0 a2=7ffec81933c0 a3=8913bc items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588777.435:1173): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1173): arch=c000003e syscall=4 success=no exit=-13 a0=26a1240 a1=7ffec8192cd0 a2=7ffec8192cd0 a3=7ffec81929f0 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588777.435:1174): avc: denied { read write } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80042 a2=1a4 a3=7ffec8192920 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588777.435:1175): avc: denied { read } for pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1175): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80000 a2=1a4 a3=26a1240 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588781.629:1176): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.629:1176): arch=c000003e syscall=4 success=no exit=-13 a0=7ffffa251e80 a1=7ffffa251ec0 a2=7ffffa251ec0 a3=8913bc items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588781.633:1177): avc: denied { getattr } for pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.633:1177): arch=c000003e syscall=4 success=no exit=-13 a0=27cf470 a1=7ffffa2517d0 a2=7ffffa2517d0 a3=7ffffa2514f0 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588781.633:1178): avc: denied { read write } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.633:1178): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80042 a2=1a4 a3=7ffffa251420 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588781.633:1179): avc: denied { read } for pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588781.633:1179): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80000 a2=1a4 a3=27cf470 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588785.830:1180): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.830:1180): arch=c000003e syscall=4 success=no exit=-13 a0=7ffd6605ff40 a1=7ffd6605ff80 a2=7ffd6605ff80 a3=8913bc items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588785.834:1181): avc: denied { getattr } for pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.834:1181): arch=c000003e syscall=4 success=no exit=-13 a0=1be0de0 a1=7ffd6605f890 a2=7ffd6605f890 a3=7ffd6605f5b0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588785.834:1182): avc: denied { read write } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.834:1182): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80042 a2=1a4 a3=7ffd6605f4e0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
type=AVC msg=audit(1489588785.834:1183): avc: denied { read } for pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588785.834:1183): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80000 a2=1a4 a3=1be0de0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Wednesday, March 15, 2017 3:29 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_
> Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_D
> isabling_SELinux.html
>
> If disabling Selinux solves your problem, then your problem may be
> related to Selinux.
> If it does not change yout problem, you may want to look elsewhere.
>
> <editorial>It seems that a lot of things do not work with Selinux or
> have no instructions about how to make them work with Selinux that it
> almost seems like a useless feature.</editorial>
Many things work well, once properly configured. Looking at the exact error (again, audit.log) is the first step.
Once upon a time Asterisk used to be able to run with SELinux:
https://issues.asterisk.org/jira/browse/ASTERISK-3088
The problem may be missing a profile for Asterisk.
Or the fact that it interacts too much with other services? I'll have to give it a shot. At least for a stand-alone Asterisk.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list