Cannot run external healtcheck as systemd service with selinux enabled

asp · January 23, 2020, 3:33pm

Hi,

I have some strange issue.
If I run haproxy as systemd service (version 1.8 from centos-scl-repository) I have issues running external healthchecks.

I get following error:

[ALERT] 022/162700 (23160) : Failed to exec process for external health check: Permission denied. Aborting.

When running the same from commandline it works as expected.
chroot is currently deactivated.

After a lot of trying I found out, that the issue is triggered by selinux. When I disable selinux with setenforce 0 the error vanishes. If I reenable it, the error is there again.

I already executed the command setsebool -P haproxy_connect_any=1.

Thanks for any help
Andreas

lukastribus · January 23, 2020, 4:42pm

External healthcheck sessions are a workaround for your issue, I strongly suggest you drop stunnel instead.

I don’t have any advice regarding systemd unit files and selinux configurations.

Topic		Replies	Views
External-check and chroot Help!	14	9644	May 25, 2023
External-check with chroot not working Help!	3	3524	May 8, 2020
External Health checks with ACL? Help!	6	582	May 25, 2023
External Health Check CURL Help!	1	1473	November 4, 2022
Trying to run haproxy as non-root ... not working Help!	4	6958	June 10, 2019

Cannot run external healtcheck as systemd service with selinux enabled

Related topics