Hi,

 

This is the RHEL 7.1 distro, and there is use of selinux, apparmor or other tools.             

 

Are you meaning that the /var/run/ folder would be secured more than other folders?

 

Cordialement

Patrick GINHOUX

 

De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla
Envoyé : lundi 27 mars 2017 13:52
À : Kamailio (SER) - Users Mailing List <sr-users@lists.sip-router.org>
Objet : Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings problem

 

Hello,

kamailio should attempt to create the /var/run/kamailio folder if the application is run with enough privileges. However, some operating systems add more constraints on top of the execution user.

What is your OS distro? Do you have selinux, apparmor or other similar tools enabled?

Cheers,
Daniel

 

On 24/03/2017 17:52, Ginhoux, Patrick wrote:

In my ‘kamctlrc’ file :

 

## path to FIFO file for engine RPCFIFO

RPCFIFOPATH="/var/run/kamailio/kamailio_rpc_fifo"

#RPCFIFOPATH="/tmp/kamailio_rpc_fifo"

 

In my ‘kamailio.cfg’ :

 

!!ifndef DEFINE_FIFO_NAME

!!define DEFINE_FIFO_NAME "/var/run/kamailio/kamailio_rpc_fifo"

!!endif  

 

 

modparam("jsonrpcs", "pretty_format", 1)

modparam("jsonrpcs", "transport", 2)

modparam("jsonrpcs", "fifo_name", DEFINE_FIFO_NAME)

modparam("jsonrpcs", "fifo_mode", 0755)

modparam("jsonrpcs", "fifo_group", "kamailio")

modparam("jsonrpcs", "fifo_user", "kamailio")

 

 

kamailio doesn’t start. It reports ‘Permission denied’ :

 

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1138]: ERROR: jsonrpcs [jsonrpcs_fifo.c:144]: jsonrpc_init_fifo_server(): Can't create FIFO: Permission denied (mode=493)

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1138]: CRITICAL: jsonrpcs [jsonrpcs_fifo.c:489]: jsonrpc_fifo_process(): failed to init jsonrpc fifo server

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]: ALERT: <core> [main.c:741]: handle_sigs(): child process 1138 exited normally, status=255

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1130]: DEBUG: <core> [core/sr_module.c:920]: init_mod_child(): rank 4: tm

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1137]: DEBUG: <core> [core/sr_module.c:920]: init_mod_child(): rank -1: tm

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1127]: DEBUG: htable [htable.c:226]: child_init(): rank is (1)

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]: INFO: <core> [main.c:759]: handle_sigs(): terminating due to SIGCHLD

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1139]: DEBUG: <core> [core/sr_module.c:920]: init_mod_child(): rank -2: kex

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1130]: DEBUG: tm [callid.c:137]: child_init_callid(): callid: '15b1f0d63a718465-1130@129.227.83.108'

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1137]: DEBUG: tm [callid.c:137]: child_init_callid(): callid: '15b1f0d63a718465-1137@129.227.83.108'

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1127]: DEBUG: <core> [core/action.c:1656]: run_child_one_init_route(): attempting to run event_route[core:worker-one-init]

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1136]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1135]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1134]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1133]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1132]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1131]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1129]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1128]: INFO: <core> [main.c:814]: sig_usr(): signal 15 received

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]: ERROR: ctl [ctl.c:387]: mod_destroy(): ERROR: ctl: could not delete unix socket /var/run/kamailio//kamailio_ctl: Permission denied (13)

Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]: ERROR: jsonrpcs [jsonrpcs_fifo.c:595]: jsonrpc_fifo_destroy(): FIFO stat failed: Permission denied

 

If I replace the values in the 2 files as appropriate :

 

In the ‘kamctlrc” to RPCFIFOPATH="/tmp/kamailio_rpc_fifo"

 

In the ‘kamailio.cfg” to !!define DEFINE_FIFO_NAME "/tmp/kamailio_rpc_fifo"

 

Then kamailo starts :

 

[root@vm-vse02-siprouter1 ~]# ps -ef |grep kam

kamailio  1235     1  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1236  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1237  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1238  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1239  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1240  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1241  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1242  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1243  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1244  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1245  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1246  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1247  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

kamailio  1248  1235  0 17:37 ?        00:00:00 /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M 8 -u kamailio -g kamailio

root      1251  1165  0 17:37 pts/0    00:00:00 grep --color=auto kam

 

and I can get result from kamctl/kamcmd commands :

[root@vm-vse02-siprouter1 ~]# kamctl dispatcher dump

which: no gdb in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/)

{

  "jsonrpc":  "2.0",

  "result": {

    "NRSETS": 1,

    "RECORDS":  [{

        "SET":  {

          "ID": 1,

          "TARGETS":  [{

              "DEST": {

                "URI":  "sip:cs1-tool-misc.orange-voicemail.net:5060",

                "FLAGS":  "AP",

                "PRIORITY": 0

              }

            }]

        }

      }]

  },

  "id": 1301

}

[root@vm-vse02-siprouter1 ~]# kamcmd dispatcher.list

{

        NRSETS: 1

        RECORDS: {

                SET: {

                        ID: 1

                        TARGETS: {

                                DEST: {

                                        URI: sip:cs1-tool-misc.orange-voicemail.net:5060

                                        FLAGS: AP

                                        PRIORITY: 0

                                }

                        }

                }

        }

}

 

 

Now, if I change the fifo patch and name to “/var/run/kamailio/kamailio_rpc_fifo’ and apply the following rights on /var/run/  to:

 

chmod 755 kamalio/

chown + kamailio:kamailio kamailio/

 

then kamailio starts.

 

Is there a reason for these results ?

 

Thanks in advance for your answer.

 

Cordialement

Patrick GINHOUX

 




_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com