This definitely isn't an SELinux issue on my end. I've also seen Varnish work fine with SELinux (after policy updates as Dridi mentioned).
On Mon, Feb 20, 2017 at 4:43 PM, Dridi Boukelmoune <[email protected]> wrote: > On Mon, Feb 20, 2017 at 11:25 PM, Daniel Parthey <[email protected]> wrote: > > It might be an SElinux Problem. Varnish 4.1.3 seems incompatible with the > > default SELinux Rules on CentOS. We ran into problems with child workers > > when selinux was enabled. > > I don't think it's related to SELinux. The main problem with > CentOS/Red Hat/Fedora is the SELinux policy shipped by those > distributions. They give very little margin and it becomes easy to > make a change in your configuration that ends up rejected. At the > same time conservative defaults give a smaller attack surface... > > > setenforce 0 > > service varnish restart > > > > and for permanent boot-safe change: > > > > /etc/sysconfig/selinux > > selinux=disabled > > This is _not_ how you solve SELinux problems. You switch to > permissive, collect audit logs while running offending software, > update the policy and switch back to enforcing. > > > Might make varnish more stable. > > > > Not sure why the default CentOS Policy (at least on CentOS 7) affect > varnish > > master/child communications. > > It should not, I'd like to see evidence that this is happening. Please > open a github issue on the pkg-varnish-cache project if you manage > to reproduce it and let us know how. > > Dridi >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
