[asterisk-users] Having problem getting Asterisk to work on CentOS 7

Dan Cropp dan at amtelco.com
Wed Mar 15 10:52:21 CDT 2017


Some background to make sure this is the right track.  SELINUX does seem to be the problem on startup.

The audit.log I provided is what is happening prior to executing 'setenforce 0'

Looking at astdb.sqlite3, there is only one table astdb.  It has one record, which contains a key and value pair.
Key is /pbx/UUID
Value .....

Trying to understand where I should be focusing my efforts for the first problem of it not starting after a restart.

Are sqlite3 and the astdb.sqlite3 errors from the audit.log the place I should be looking into?
Or is the SELINUX issue the correct place for me to be looking?  Seems to start up if I run the 'setenforce 0' (or change SELINUX setting).
Or would it be best for me to be looking into using systemd based on possible problems with safe_asterisk?


From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Ron Wheeler
Sent: Wednesday, March 15, 2017 10:14 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7

What are you using for the database - SQLite?
I am using mysql (mariadb).

I am not familiar with SQLite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it.
From your Asterisk console,


CLI> core show help database
should give you a list of commands that you can try.



database show                  -- Shows database contents

database showkey               -- Shows database contents
would seem to let you know if you have a database that works.
Never had to do this but it seems an easy way to test your database connection.

Do you have webmin installed on your Centos7 box? I find that this is a handy web/graphical interface to Centos7.

On 15/03/2017 10:55 AM, Dan Cropp wrote:

Here is the audit.log.

Does this indicate a problem with accessing the astdb.sqlite3 file?



Permissions for this file are...

[root@localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3

-rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3





[root@localhost ~]# tail -f /var/log/audit/audit.log

type=AVC msg=audit(1489588773.253:1171): avc:  denied  { read } for  pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588777.432:1172): avc:  denied  { getattr } for  pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588777.432:1172): arch=c000003e syscall=4 success=no exit=-13 a0=7ffec8193380 a1=7ffec81933c0 a2=7ffec81933c0 a3=8913bc items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588777.435:1173): avc:  denied  { getattr } for  pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588777.435:1173): arch=c000003e syscall=4 success=no exit=-13 a0=26a1240 a1=7ffec8192cd0 a2=7ffec8192cd0 a3=7ffec81929f0 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588777.435:1174): avc:  denied  { read write } for  pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80042 a2=1a4 a3=7ffec8192920 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588777.435:1175): avc:  denied  { read } for  pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588777.435:1175): arch=c000003e syscall=2 success=no exit=-13 a0=26a1240 a1=80000 a2=1a4 a3=26a1240 items=0 ppid=1485 pid=3844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588781.629:1176): avc:  denied  { getattr } for  pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588781.629:1176): arch=c000003e syscall=4 success=no exit=-13 a0=7ffffa251e80 a1=7ffffa251ec0 a2=7ffffa251ec0 a3=8913bc items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588781.633:1177): avc:  denied  { getattr } for  pid=3851 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588781.633:1177): arch=c000003e syscall=4 success=no exit=-13 a0=27cf470 a1=7ffffa2517d0 a2=7ffffa2517d0 a3=7ffffa2514f0 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588781.633:1178): avc:  denied  { read write } for  pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588781.633:1178): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80042 a2=1a4 a3=7ffffa251420 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588781.633:1179): avc:  denied  { read } for  pid=3851 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588781.633:1179): arch=c000003e syscall=2 success=no exit=-13 a0=27cf470 a1=80000 a2=1a4 a3=27cf470 items=0 ppid=1485 pid=3851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588785.830:1180): avc:  denied  { getattr } for  pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588785.830:1180): arch=c000003e syscall=4 success=no exit=-13 a0=7ffd6605ff40 a1=7ffd6605ff80 a2=7ffd6605ff80 a3=8913bc items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588785.834:1181): avc:  denied  { getattr } for  pid=3857 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588785.834:1181): arch=c000003e syscall=4 success=no exit=-13 a0=1be0de0 a1=7ffd6605f890 a2=7ffd6605f890 a3=7ffd6605f5b0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588785.834:1182): avc:  denied  { read write } for  pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588785.834:1182): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80042 a2=1a4 a3=7ffd6605f4e0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)

type=AVC msg=audit(1489588785.834:1183): avc:  denied  { read } for  pid=3857 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=SYSCALL msg=audit(1489588785.834:1183): arch=c000003e syscall=2 success=no exit=-13 a0=1be0de0 a1=80000 a2=1a4 a3=1be0de0 items=0 ppid=1485 pid=3857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)





-----Original Message-----

From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen

Sent: Wednesday, March 15, 2017 3:29 AM

To: asterisk-users at lists.digium.com

Subject: Re: [asterisk-users] Having problem getting Asterisk to work on CentOS 7



On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:

https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html



If disabling Selinux solves your problem, then your problem may be related to Selinux.

If it does not change your problem, you may want to look elsewhere.



<editorial>It seems that a lot of things do not work with Selinux or have no instructions about how to make them work with Selinux that it almost seems like a useless feature.</editorial>



Many things work well, once properly configured. Looking at the exact error (again, audit.log) is the first step.



Once upon a time Asterisk used to be able to run with SELinux:

https://issues.asterisk.org/jira/browse/ASTERISK-3088



The problem may be missing a profile for Asterisk.



Or the fact that it interacts too much with other services? I'll have to give it a shot. At least for a stand-alone Asterisk.






--

Ron Wheeler

President

Artifact Software Inc

email: rwheeler at artifact-software.com

skype: ronaldmwheeler

phone: 866-970-2435, ext 102
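
An added example, not part of the thread: a small parser that condenses the AVC records quoted above into one line per (source type, target type, class, inode), so the repeated denials read as a single labeling question. The function names are illustrative, and the sample lines are copied from the audit.log in the message, with the SYSCALL record shortened.

```python
import re
from collections import defaultdict

# AVC records copied from the audit.log above; the SYSCALL record is shortened.
SAMPLE_LOG = """\
type=AVC msg=audit(1489588773.253:1171): avc:  denied  { read } for  pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1489588777.432:1172): avc:  denied  { getattr } for  pid=3844 comm="asterisk" path="/var/lib/asterisk/astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1489588777.435:1174): avc:  denied  { read write } for  pid=3844 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1489588777.435:1174): arch=c000003e syscall=2 success=no exit=-13 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null)
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _ctx_type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) > 2 else None


def parse_avc(line):
    """Parse one AVC denial into a dict; return None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": set(m.group("perms").split()),
        "object": f.get("path") or f.get("name"),
        "key": (_ctx_type(f.get("scontext")), _ctx_type(f.get("tcontext")),
                f.get("tclass"), f.get("ino")),
    }


def summarize(log_text):
    """Group denials by (source type, target type, class, inode)."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set(), "count": 0})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[rec["key"]]
        g["perms"] |= rec["perms"]
        g["objects"].add(rec["object"])
        g["count"] += 1
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls, ino), g in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} ino={ino} denied={sorted(g['perms'])} "
              f"objects={sorted(g['objects'])} records={g['count']}")
```

On the sample, every denial collapses to a process in asterisk_t acting on one inode labeled var_lib_t, so the value to inspect is the file's SELinux label (`ls -Z`), not the mode bits that `ls -l` shows.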