Dave - Thanks for sharing this! I had the exact same problem and hadn't figured out a solution yet. Much appreciated.
Skyler

On Thu, Jan 13, 2011 at 5:51 PM, Dave Singer <dave.sin...@wideideas.com> wrote:

> Banged my head for a while with why I couldn't get fifo working for the
> Control Panel
> I was getting "sorry -- cannot open write fifo".
>
> Hope this can help others and maybe even make it into the docs.
> Found two problems.
>
> 1. Apache process couldn't use /tmp/opensips_fifo because the permissions
> were prw-rw---- 1 root root
> I fixed that temporarily by chmod o+rw /tmp/opensips
> Unfortunately restarting opensips voids that fix unless you do chmod after
> each start after the fifo is created
> So I changed the user opensips runs as using the -u apache -g apache
> options.
> This solved my problem and made my system more safe from hackers through
> sip messages.
>
> 2. SELinux (hate the good thing) was also blocking apache using it.
> I did some googling and found some mention of disabling selinux. Tried that
> and things worked.
> So I tried that and voilà! IT WORKED!!!
> Now I was bummed cause I don't want to completely disable SELinux, pain
> though it is.
> So I finally broke down and looked into the docs for SELinux and found
> audit2allow. YEA
> All you have to do to get SELinux to permanently allow something that should
> happen is pipe the audit lines that show the problem from
> /var/log/audit/audit.log (or /var/log/messages)
> Since an app may stop trying things SELinux may block after an initial
> rejection you want to set SELinux to permissive with
> setenforce Permissive
> Perform the actions like use the MI from opensips-cp stopped by selinux
> before then you can use the logs to allow those specific actions.
> I used less to find the specific lines then copied them into a file with
> just those lines.
>
> Here is an example with a file that only has the audit logs I want to
> allow:
> cat selinux_blocked_my_app | audit2allow -M opensipscp
> semodule -i opensipscp.pp
>
> That is it!!
> I wanted to transport it to other servers and make it easy to do on an
> install so I dug a little more and came up with this I can just cut and
> paste:
>
> cat > opensipscp.te <<EOF
>
> module opensipscp 1.0;
>
> require {
>         type httpd_t;
>         type tmp_t;
>         class fifo_file { write getattr setattr read create unlink };
> }
>
> #============= httpd_t ==============
> allow httpd_t tmp_t:fifo_file { write getattr setattr read create unlink };
> EOF
>
> checkmodule -M -m -o opensipscp.mod opensipscp.te
> semodule_package -o opensipscp.pp -m opensipscp.mod
> semodule -i opensipscp.pp
> /bin/rm opensipscp.pp opensipscp.te opensipscp.mod
>
>
> Be sure in config/boxes.global.inc.php you have (or what you have for the
> fifo file)
> $boxes[$box_id]['mi']['conn']="/tmp/opensips_fifo";
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
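
The step in the quoted message of picking the relevant audit lines out by hand with less can be scripted. The following is an added example, not part of the original thread: it keeps only the AVC denials where an httpd_t process touched a fifo_file named opensips_fifo and lists which permissions were denied. The audit lines are constructed samples, and the function names and the demo_t domain are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): select only the AVC denials
# that concern Apache and the OpenSIPS MI fifo, for feeding to audit2allow.

# Print AVC denials where an httpd_t process touched a fifo_file whose
# name= or path= ends in the given basename (default: opensips_fifo).
filter_fifo_avc() {
    awk -v fifo="${1:-opensips_fifo}" '
        BEGIN { obj = "(name|path)=\"([^\"]*/)?" fifo "\"" }
        /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ &&
        /tclass=fifo_file/ && $0 ~ obj
    '
}

# From AVC lines on stdin, list each distinct denied permission once.
denied_perms() {
    sed -n 's/.*denied *{ *\([^}]*\)}.*/\1/p' |
        tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# Constructed sample audit lines; demo_t is a made-up domain.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1294959060.101:501): avc:  denied  { write } for  pid=2345 comm="httpd" name="opensips_fifo" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1294959060.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1294959060.202:502): avc:  denied  { getattr } for  pid=2345 comm="httpd" path="/tmp/opensips_fifo" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=fifo_file
type=AVC msg=audit(1294959061.303:503): avc:  denied  { read } for  pid=2345 comm="httpd" name="opensips_fifo" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=fifo_file
type=AVC msg=audit(1294959062.404:504): avc:  denied  { write } for  pid=2345 comm="httpd" name="app.log" dev=dm-0 ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1294959063.505:505): avc:  denied  { write } for  pid=999 comm="demo" name="opensips_fifo" dev=dm-0 ino=1001 scontext=system_u:system_r:demo_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=fifo_file
EOF
}

# Demo: show which permissions Apache was denied on the fifo.
sample_audit_log | filter_fifo_avc | denied_perms
```

Against a real log this would be run as `filter_fifo_avc < /var/log/audit/audit.log > selinux_blocked_my_app`, and that file is then piped to audit2allow as in the quoted message. The output of `denied_perms` can be compared with the permission list in the generated module before it is installed.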