HAProxy startup error (SELinux is preventing /usr/sbin/haproxy from name_bind access on the tcp_socket port 1080)


When starting HAProxy, the following error is reported:

Job for haproxy.service failed because the control process exited with error code.
See "systemctl status haproxy.service" and "journalctl -xe" for details.

 

Following the hint above, run

journalctl -xe

The error messages then look like this:

12月 05 19:40:43 vm3 setroubleshoot[27240]: SELinux is preventing /usr/sbin/haproxy from name_bind access on the tcp_socket port 1080. For complete SELinux messages run: sealert -l 5978c05d-defb-4>
12月 05 19:40:43 vm3 platform-python[27240]: SELinux is preventing /usr/sbin/haproxy from name_bind access on the tcp_socket port 1080.

                                              *****  Plugin bind_ports (85.9 confidence) suggests   ************************

                                              If you want to allow /usr/sbin/haproxy to bind to network port 1080
                                              Then you need to modify the port type.
                                              Do
                                              # semanage port -a -t PORT_TYPE -p tcp 1080
                                                  where PORT_TYPE is one of the following: commplex_main_port_t, http_cache_port_t, http_port_t.

                                              *****  Plugin catchall_boolean (7.33 confidence) suggests   ******************

                                              If you want to allow nis to enabled
                                              Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.

                                              Do
                                              setsebool -P nis_enabled 1

                                              *****  Plugin catchall_boolean (7.33 confidence) suggests   ******************

                                              If you want to allow haproxy to connect any
                                              Then you must tell SELinux about this by enabling the 'haproxy_connect_any' boolean.

                                              Do
                                              setsebool -P haproxy_connect_any 1

                                              *****  Plugin catchall (1.35 confidence) suggests   **************************

                                              If you believe that haproxy should be allowed name_bind access on the port 1080 tcp_socket by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'haproxy' --raw | audit2allow -M my-haproxy
                                              # semodule -X 300 -i my-haproxy.pp

According to the suggestion from the bind_ports plugin:

If you want to allow /usr/sbin/haproxy to bind to network port 1080 Then you need to modify the port type. Do # semanage port -a -t PORT_TYPE -p tcp 1080
In other words, to allow haproxy to bind to network port 1080, the port type has to be changed, as follows:
semanage port -a -t PORT_TYPE -p tcp 1080  # where PORT_TYPE is one of: commplex_main_port_t, http_cache_port_t, http_port_t.
# Here we use the http_port_t type, so run the following command
semanage port -a -t http_port_t -p tcp 1080

Then restart haproxy.
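
An added example, not part of the original post: `semanage port -a` refuses a port that is already defined as a single entry under some type, in which case `-m` is needed instead. The helper below chooses between the two from `semanage port -l` output; the listing and the type `example_port_t` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: choose the semanage action for labelling a port for haproxy.

# Constructed excerpt in the format of `semanage port -l`;
# example_port_t is a made-up type used only to show the -m case.
SAMPLE='SELinux Port Type              Proto    Port Number
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
example_port_t                 tcp      2080
unreserved_port_t              tcp      61001-65535, 1024-32767'

# exact_type LISTING PROTO PORT
# Print the type that lists PORT as a single entry (ranges are ignored,
# because a port that is only covered by a range can still be added).
exact_type() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                if (p == port) { print $1; exit }
            }
        }'
}

# label_cmd LISTING TYPE PROTO PORT
# Print the semanage command to run, or nothing if PORT already has TYPE.
label_cmd() {
    _current=$(exact_type "$1" "$3" "$4")
    if [ "$_current" = "$2" ]; then
        return 0                                  # already labelled
    elif [ -n "$_current" ]; then
        echo "semanage port -m -t $2 -p $3 $4"    # defined elsewhere: modify
    else
        echo "semanage port -a -t $2 -p $3 $4"    # not defined: add
    fi
}

# On a real host, pass the live listing instead of SAMPLE:
#   label_cmd "$(semanage port -l)" http_port_t tcp 1080
label_cmd "$SAMPLE" http_port_t tcp 1080
```

After applying the printed command, `semanage port -l` should list 1080 on the `http_port_t` line before haproxy is restarted.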

