On 2020-04-24 12:47, Veiko Kukk wrote:
HAproxy 2.0.14 on CentOS 7.7.1908 with PCRE2 JIT enabled (USE_PCRE2=1
USE_PCRE2_JIT=1).

When starting it with a configuration that has the following ACL regex line, it fails:

acl path_is_foo path_reg ^\/video\/[a-zA-Z0-9_-]{43}\/[a-z0-9]{8}\/videos\/

Error message:
error detected while parsing ACL 'path_is_foo' : regex
'^\/video\/[a-zA-Z0-9_-]{43}\/[a-z0-9]{8}\/videos\/' jit compilation
failed.

Hi again,

It has happened to many of us that after asking for help, a good idea to test/debug comes.

It turned out to be an SELinux issue.

#============= haproxy_t ==============

#!!!! This avc can be allowed using the boolean 'cluster_use_execmem'
allow haproxy_t self:process execmem;


I wonder if somewhere in the HAProxy documentation about PCRE JIT it is mentioned that, in the case of SELinux, the SELinux rules must be changed for the JIT to work. If not, it would be nice to add it.

--
Best regards,
Veiko
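
Added example, not part of the original message: a small parser that picks execmem denials out of audit.log AVC records and prints them in the rule shape quoted above, which ties a "jit compilation failed" startup error to SELinux quickly. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed audit.log lines (not from the original post), in the usual AVC record layout.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1587721620.101:411): avc:  denied  { execmem } for  pid=2101 comm="haproxy" scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:system_r:haproxy_t:s0 tclass=process permissive=0
type=AVC msg=audit(1587721633.554:412): avc:  denied  { name_connect } for  pid=2101 comm="haproxy" dest=8443 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1587721700.020:419): avc:  denied  { execmem execstack } for  pid=2250 comm="haproxy" scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:system_r:haproxy_t:s0 tclass=process permissive=1
type=SYSCALL msg=audit(1587721700.020:419): arch=c000003e syscall=9 success=yes exit=139 comm="haproxy"
"""

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    fields["serial"] = int(m.group("serial"))
    # SELinux contexts are user:role:type:level; the type field is the domain.
    fields["sdomain"] = fields["scontext"].split(":")[2]
    fields["tdomain"] = fields["tcontext"].split(":")[2]
    return fields

def execmem_denials(log_text):
    """Group execmem denials on tclass=process by (source domain, comm)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("tclass") == "process" and "execmem" in rec["perms"]:
            hits[(rec["sdomain"], rec["comm"])].append(rec)
    return dict(hits)

def report(log_text):
    """One line per domain: the rule shape from the post, plus enforcement state."""
    out = []
    for (domain, comm), recs in sorted(execmem_denials(log_text).items()):
        target = "self" if recs[0]["tdomain"] == domain else recs[0]["tdomain"]
        blocked = sum(1 for r in recs if r.get("permissive") == "0")
        out.append(f"{comm}: allow {domain} {target}:process execmem; "
                   f"({blocked} blocked, {len(recs) - blocked} permissive-only)")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_AUDIT_LOG)))
```

A record with permissive=0 was actually blocked; permissive=1 means the access was logged but allowed.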