<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Le 19/12/2016 à 17:10, Olivier a écrit :<br>
<blockquote
cite="mid:CAPeT9jjmM-+jc4hzb0audJwFEQS_i=3E-cT1pQKZWhS2CySBkw@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-12-19 16:11 GMT+01:00 Jean Aunis
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jean.aunis@prescom.fr" target="_blank">jean.aunis@prescom.fr</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div>
<div class="gmail-h5"> Le 19/12/2016 à 15:54, Olivier
a écrit :<br>
<blockquote type="cite">
<div dir="ltr"><snip><br>
<div> <br>
</div>
<div>Running systemctl start asterisk fails with
:<br>
Dec 19 15:43:08 foobar systemd: PID file
/var/run/asterisk/asterisk.pid not readable
(yet?) after start.<br>
Dec 19 15:43:09 foobar systemd:
asterisk.service: main process exited,
code=exited, status=1/FAILURE<br>
Dec 19 15:43:09 foobar asterisk: Unable to
connect to remote asterisk (does
/var/run/asterisk/asterisk.ctl exist?)<br>
Dec 19 15:43:09 foobar systemd:
asterisk.service: control process exited,
code=exited status=1<br>
Dec 19 15:43:09 foobar systemd: Unit
asterisk.service entered failed state.<br>
Dec 19 15:43:09 foobar systemd:
asterisk.service failed.<br>
<br>
<br>
</div>
<div>But /usr/sbin/asterisk -vvvgF -U asterisk
-G asterisk -C /etc/asterisk/asterisk.conf
succeeds:<br>
# rasterisk <br>
Asterisk 13.13.1, Copyright (C) 1999 - 2014,
Digium, Inc. and others.<br>
...<br>
==============================<wbr>==============================<wbr>=============<br>
Running as user 'asterisk'<br>
Running under group 'asterisk'<br>
Connected to Asterisk 13.13.1 currently
running on ...<br>
</div>
<div><br>
</div>
<div>Any hint or help on how to debug this ?<br>
</div>
<div>(I tried with and without any /run/asterisk
directory owned by asterisk.asterisk)<br>
<br>
<br>
</div>
<div>Best regards<br>
</div>
</div>
<br>
<fieldset
class="gmail-m_-3923443312113133807mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
<p>Hello,</p>
<p>Make sure that selinux is disabled, or in
"permissive" mode. Otherwise it will prevent asterisk
from starting.</p>
</div>
</blockquote>
<div><br>
</div>
<div>Thanks for the tip:<br>
changing to permissive mode made it !<br>
</div>
<div><br>
Using methods suggested in [1], do you think its possible
and worth the effort to configure SELinux to work with
Asterisk/Systemd in Enforcing mode ?<br>
</div>
<div>A quick look in various tuto all disable SELinux.<br>
<br>
</div>
<div><br>
<br>
[1] <a moz-do-not-send="true"
href="https://wiki.centos.org/HowTos/SELinux">https://wiki.centos.org/HowTos/SELinux</a><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
I never spent time to figure out how selinux should be configured
for Asterisk, but it is certainly possible to do something clean
about that. I noticed that, when I install Asterisk with a
custom-made RPM package, SELinux will stop blocking it. I guess RPM
has some magic embedded into it to configure SELinux with the proper
rules.<br>
<br>
Still, is it worth the effort ? Probably not if you consider
Asterisk alone : as it is running with the unprivileged user
asterisk, the standard Linux permissions will protect your system if
Asterisk is attacked.<br>
But considering your system as a whole, disabling selinux may not be
a good idea : other processes may required to be secured with the
selinux stuff.<br>
<br>
I'm not an IT security expert, so please consider what I wrote above
with caution.<br>
</body>
</html>