0

I've installed Varnish 4 on my new CentOS 6.5 box. I've activated the EPEL repo to install Varnish from http://repo.varnish-cache.org/redhat/varnish-4.0/. After installing and configuring my default.vcl I can't start the varnish service; I always get something in /var/log/audit/audit.log telling me that SELinux prevented varnishd from starting:

```
type=AVC msg=audit(1412184576.830:242): avc:  denied  { getattr } for  pid=4623 comm="varnishd" path="/etc/hosts" dev=vda1 ino=17248 scontext=unconfined_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1412184576.830:242): arch=c000003e syscall=5 success=no exit=-13 a0=3 a1=7fff399e8290 a2=7fff399e8290 a3=0 items=0 ppid=4620 pid=4623 auid=0 uid=498 gid=497 euid=498 suid=498 fsuid=498 egid=497 sgid=497 fsgid=497 tty=pts0 ses=1 comm="varnishd" exe="/usr/sbin/varnishd" subj=unconfined_u:system_r:varnishd_t:s0 key=(null)
```

I've tried to use audit2allow, but despite installing the resulting module, I get the same errors...

k4cy
    Have you tried generating a human readable format of your logs using something like `sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt`? More at http://wiki.centos.org/HowTos/SELinux – KM. Oct 02 '14 at 00:12

1 Answer

1

I've managed to make it work: disable SELinux, run Varnish, then re-enable SELinux, reboot, start the service, and then do a `grep varnishd_t /var/log/audit/audit.log | audit2allow -M myvarnish`. When the module is enabled, the service now starts...

k4cy
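The denial quoted in the question has a target context of `file_t`, which on CentOS 6 is the type of a file that carries no SELinux label. The following added example (not part of the original post or answer) parses AVC lines and separates such labeling problems, where `restorecon` applies, from denials that need a policy decision. The function names and the second sample line are constructed for illustration.

```python
import re

# Types given to files that carry no SELinux label. On CentOS 6 that is file_t;
# newer policies use unlabeled_t.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# First line is the AVC record from the question; the second is constructed.
SAMPLE = [
    'type=AVC msg=audit(1412184576.830:242): avc:  denied  { getattr } for  pid=4623 comm="varnishd" path="/etc/hosts" dev=vda1 ino=17248 scontext=unconfined_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file',
    'type=AVC msg=audit(1412184600.100:250): avc:  denied  { name_bind } for  pid=4700 comm="varnishd" src=8081 scontext=unconfined_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
]


def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group(1).split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def triage(line):
    """Return ('relabel', command) or ('policy', summary); None if not an AVC."""
    rec = parse_avc(line)
    if rec is None:
        return None
    if rec["target_type"] in UNLABELED_TYPES and "path" in rec:
        # The object has no label, so fix the label instead of widening policy.
        return ("relabel", "restorecon -v " + rec["path"])
    summary = "%s -> %s:%s { %s }" % (rec["source_type"], rec["target_type"],
                                      rec.get("tclass", "?"), " ".join(rec["perms"]))
    return ("policy", summary)


if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

A "relabel" result means the file's label should be restored before any `audit2allow` module is considered; a module generated from such denials grants the domain access to every unlabeled file.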