Banged my head for a while with why I couldn't get fifo working for the Control Panel I was getting "sorry -- cannot open write fifo".
Hope this can help other and maybe even make it into the docs. Found two problems. 1. Apache process couldn't use /tmp/opensips_fifo because the permissions were prw-rw---- 1 root root I fixed that temporarily by chmod o+rw /tmp/opensips Unfortunately restarting opensips voids that fix unless you do chmod after each start after the fifo is created So I changed the user opensips runs as using the -u apache -g apache options. This solved my problem and made my system more safe from hackers through sip messages. 2. SELinux (hate the good thing) was also blocking apache using it. I did some googling and found some mention of disabling selinux. Tried that and things worked. So I tried that and whala! IT WORKED!!! Now I was bummed cause I don't want to completely disable SELinux, pain though it is. So I finally broke down and looked into the docs on for SELinux and found audit2allow. YEA All you have to do to get SELinux to permantly allow something that should happen is pipe the audit lines that show the problem from /var/log/audit/audit.log (or /var/log/messages) Since an app my stop trying things SELinux may block after an initial rejection you want to set SELinux to permissive with setenforce Permissive Perform the actions like us the MI from opensips-cp stopped by selinux before then you can use the logs to allow those specific actions. I used less to find the specific lines then copied them into a file with just those lines. Here is an example with a file that only has the audit logs I want to allow: cat selinux_blocked_my_app | audit2allow -M opensipscp semodule -i opensipscp.pp That is it!! I wanted to transport it to other servers and make it easy to do on an install so I dug a little more and came up with this I can just cut and paste: cat > opensipscp.te <<EOF module opensipscp 1.0; require { type httpd_t; type tmp_t; class fifo_file { write getattr setattr read create unlink }; } #============= httpd_t ============== allow httpd_t tmp_t:fifo_file { write getattr setattr read create unlink }; EOF checkmodule -M -m -o opensipscp.mod opensipscp.te semodule_package -o opensipscp.pp -m opensipscp.mod semodule -i opensipscp.pp /bin/rm opensipscp.pp opensipscp.te opensipscp.mod Be sure in config/boxes.global.inc.php you have (or what you have for the fifo file) $boxes[$box_id]['mi']['conn']="/tmp/opensips_fifo";
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users