HAProxy community

Cannot run external healtcheck as systemd service with selinux enabled

Hi,

I have some strange issue.
If I run haproxy as systemd service (version 1.8 from centos-scl-repository) I have issues running external healthchecks.

I get following error:

[ALERT] 022/162700 (23160) : Failed to exec process for external health check: Permission denied. Aborting.

When running the same from commandline it works as expected.
chroot is currently deactivated.

After a lot of trying I found out, that the issue is triggered by selinux. When I disable selinux with setenforce 0 the error vanishes. If I reenable it, the error is there again.

I already executed the command setsebool -P haproxy_connect_any=1.

Thanks for any help
Andreas

External healthcheck sessions are a workaround for your issue, I strongly suggest you drop stunnel instead.

I don’t have any advice regarding systemd unit files and selinux configurations.