[SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings problem
Daniel-Constantin Mierla
miconda at gmail.com
Wed Apr 5 13:45:24 CEST 2017
Hello,
apparently the /var/run/kamailio folder was not created by the init.d
script for rpm, as it is done in the deb specs. I updated it and
triggered a rebuild of rpms, available at:
https://build.opensuse.org/package/show/home:kamailio:v5.0.x-rpms/kamailio50
Try to upgrade and then see if it works.
Later today we will release v5.0.1 and the rpms for it will have the new
init.d script.
Cheers,
Daniel
On 03.04.17 15:01, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> I use « service kamailio start », so the init.d script that is the one
> created at the installation.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*sr-users [mailto:sr-users-bounces at lists.sip-router.org] *De la
> part de* Daniel-Constantin Mierla
> *Envoyé :* lundi 3 avril 2017 14:56
> *À :* Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings problem
>
>
>
> Hello,
>
> how do you start Kamailio? Via init.d/systemd script?
>
> Cheers,
> Daniel
>
>
>
> On 03.04.17 14:34, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> Selinux is disabled.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Envoyé :* lundi 3 avril 2017 14:33
> *À :* Ginhoux, Patrick <patrick.ginhoux at fr.unisys.com>
> <mailto:patrick.ginhoux at fr.unisys.com>; Kamailio (SER) - Users
> Mailing List <sr-users at lists.sip-router.org>
> <mailto:sr-users at lists.sip-router.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings
> problem
>
>
>
> Hello,
>
> have you disabled selinux to see if starts ok without it?
>
> Cheers,
> Daniel
>
>
>
> On 03.04.17 13:54, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> Well, with one of my colleagues, we did some research and
> test, but we don’t find where the privilege issue is with the
> /var/ FS.
>
> If the fifo filename is "/var/run/kamailio/kamailio_rpc_fifo"
> or "/var/run/kamailio_rpc_fifo", we have this privilege issue.
>
> I thought that the following declaration would prevent this
> security issue :
>
> modparam("jsonrpcs", "fifo_name", DEFINE_FIFO_NAME)
>
> modparam("jsonrpcs", "fifo_mode", 0755)
>
> modparam("jsonrpcs", "fifo_group", "kamailio")
>
> modparam("jsonrpcs", "fifo_user", "kamailio")
>
> but it is not the case.
>
>
>
> For the moment only the fifo filename “/tmp/kamailio_rpc_fifo"
> is valid for kamailio to start.
>
>
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Ginhoux, Patrick
> *Envoyé :* lundi 27 mars 2017 17:46
> *À :* 'miconda at gmail.com <mailto:miconda at gmail.com>'
> <miconda at gmail.com> <mailto:miconda at gmail.com>; Kamailio (SER)
> - Users Mailing List <sr-users at lists.sip-router.org>
> <mailto:sr-users at lists.sip-router.org>
> *Objet :* RE: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME
> settings problem
>
>
>
> Hi,
>
>
>
> I continue to investigate on this area.
>
>
>
> I’m thinking that there are some security settings on the FS
> /var/, and I’m looking for if we have the rights to change it
> (I work for a project and don’t have all the ability to change
> some settings without agreement).
>
>
>
> I’ll update you later tomorrow.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Envoyé :* lundi 27 mars 2017 15:28
> *À :* Ginhoux, Patrick <patrick.ginhoux at fr.unisys.com
> <mailto:patrick.ginhoux at fr.unisys.com>>; Kamailio (SER) -
> Users Mailing List <sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME
> settings problem
>
>
>
> Hello,
>
> as recently as last week, someone encountered an file access
> problem while installing Siremis, which is using also some
> temporary files in /var/, even it was granting provileges via
> chown and chmod. All went fine after disabling selinux. It was
> on a centos.
>
> I am not saying it is the same, but it could, so try without
> centos to see if the issue persists.
>
> Cheers,
> Daniel
>
>
>
> On 27/03/2017 15:10, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> This is the RHEL 7.1 distro, and there is use of selinux,
> apparmor or other tools.
>
>
>
> Are you meaning that the /var/run/ folder would be secured
> more than other folders?
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*sr-users
> [mailto:sr-users-bounces at lists.sip-router.org] *De la part
> de* Daniel-Constantin Mierla
> *Envoyé :* lundi 27 mars 2017 13:52
> *À :* Kamailio (SER) - Users Mailing List
> <sr-users at lists.sip-router.org>
> <mailto:sr-users at lists.sip-router.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME
> settings problem
>
>
>
> Hello,
>
> kamailio should attempt to create the /var/run/kamailio
> folder if the application is run with enough privileges.
> However, some operating systems add more constraints on
> top of the execution user.
>
> What is your OS distro? Do you have selinux, apparmor or
> other similar tools enabled?
>
> Cheers,
> Daniel
>
>
>
> On 24/03/2017 17:52, Ginhoux, Patrick wrote:
>
> In my ‘kamctlrc’ file :
>
>
>
> ## path to FIFO file for engine RPCFIFO
>
> RPCFIFOPATH="/var/run/kamailio/kamailio_rpc_fifo"
>
> #RPCFIFOPATH="/tmp/kamailio_rpc_fifo"
>
>
>
> In my ‘kamailio.cfg’ :
>
>
>
> !!ifndef DEFINE_FIFO_NAME
>
> !!define DEFINE_FIFO_NAME
> "/var/run/kamailio/kamailio_rpc_fifo"
>
> !!endif
>
>
>
>
>
> modparam("jsonrpcs", "pretty_format", 1)
>
> modparam("jsonrpcs", "transport", 2)
>
> modparam("jsonrpcs", "fifo_name", DEFINE_FIFO_NAME)
>
> modparam("jsonrpcs", "fifo_mode", 0755)
>
> modparam("jsonrpcs", "fifo_group", "kamailio")
>
> modparam("jsonrpcs", "fifo_user", "kamailio")
>
>
>
>
>
> kamailio doesn’t start. It reports ‘Permission denied’ :
>
>
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1138]:
> ERROR: jsonrpcs [jsonrpcs_fifo.c:144]:
> jsonrpc_init_fifo_server(): Can't create FIFO:
> Permission denied (mode=493)
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1138]:
> CRITICAL: jsonrpcs [jsonrpcs_fifo.c:489]:
> jsonrpc_fifo_process(): failed to init jsonrpc fifo server
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]:
> ALERT: <core> [main.c:741]: handle_sigs(): child
> process 1138 exited normally, status=255
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1130]:
> DEBUG: <core> [core/sr_module.c:920]:
> init_mod_child(): rank 4: tm
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1137]:
> DEBUG: <core> [core/sr_module.c:920]:
> init_mod_child(): rank -1: tm
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1127]:
> DEBUG: htable [htable.c:226]: child_init(): rank is (1)
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]:
> INFO: <core> [main.c:759]: handle_sigs(): terminating
> due to SIGCHLD
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1139]:
> DEBUG: <core> [core/sr_module.c:920]:
> init_mod_child(): rank -2: kex
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1130]:
> DEBUG: tm [callid.c:137]: child_init_callid(): callid:
> '15b1f0d63a718465-1130 at 129.227.83.108
> <mailto:15b1f0d63a718465-1130 at 129.227.83.108>'
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1137]:
> DEBUG: tm [callid.c:137]: child_init_callid(): callid:
> '15b1f0d63a718465-1137 at 129.227.83.108
> <mailto:15b1f0d63a718465-1137 at 129.227.83.108>'
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1127]:
> DEBUG: <core> [core/action.c:1656]:
> run_child_one_init_route(): attempting to run
> event_route[core:worker-one-init]
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1136]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1135]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1134]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1133]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1132]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1131]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1129]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1128]:
> INFO: <core> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]:
> ERROR: ctl [ctl.c:387]: mod_destroy(): ERROR: ctl:
> could not delete unix socket
> /var/run/kamailio//kamailio_ctl: Permission denied (13)
>
> Mar 24 17:31:21 localhost /usr/sbin/kamailio[1120]:
> ERROR: jsonrpcs [jsonrpcs_fifo.c:595]:
> jsonrpc_fifo_destroy(): FIFO stat failed: Permission
> denied
>
>
>
> If I replace the values in the 2 files as appropriate :
>
>
>
> In the ‘kamctlrc” toRPCFIFOPATH="/tmp/kamailio_rpc_fifo"
>
>
>
> In the ‘kamailio.cfg” to!!define DEFINE_FIFO_NAME
> "/tmp/kamailio_rpc_fifo"
>
>
>
> Then kamailo starts :
>
>
>
> [root at vm-vse02-siprouter1 ~]# ps -ef |grep kam
>
> kamailio 1235 1 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1236 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1237 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1238 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1239 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1240 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1241 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1242 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1243 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1244 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1245 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1246 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1247 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> kamailio 1248 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -M
> 8 -u kamailio -g kamailio
>
> root 1251 1165 0 17:37 pts/0 00:00:00 grep
> --color=auto kam
>
>
>
> and I can get result from kamctl/kamcmd commands :
>
> [root at vm-vse02-siprouter1 ~]# kamctl dispatcher dump
>
> which: no gdb in
> (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/)
>
> {
>
> "jsonrpc": "2.0",
>
> "result": {
>
> "NRSETS": 1,
>
> "RECORDS": [{
>
> "SET": {
>
> "ID": 1,
>
> "TARGETS": [{
>
> "DEST": {
>
> "URI":
> "sip:cs1-tool-misc.orange-voicemail.net:5060"
> <sip:cs1-tool-misc.orange-voicemail.net:5060>,
>
> "FLAGS": "AP",
>
> "PRIORITY": 0
>
> }
>
> }]
>
> }
>
> }]
>
> },
>
> "id": 1301
>
> }
>
> [root at vm-vse02-siprouter1 ~]# kamcmd dispatcher.list
>
> {
>
> NRSETS: 1
>
> RECORDS: {
>
> SET: {
>
> ID: 1
>
> TARGETS: {
>
> DEST: {
>
> URI:
> sip:cs1-tool-misc.orange-voicemail.net:5060
>
> FLAGS: AP
>
> PRIORITY: 0
>
> }
>
> }
>
> }
>
> }
>
> }
>
>
>
>
>
> Now, if I change the fifo patch and name to
> “/var/run/kamailio/kamailio_rpc_fifo’ and apply the
> following rights on /var/run/ to:
>
>
>
> chmod 755 kamalio/
>
> chown + kamailio:kamailio kamailio/
>
>
>
> then kamailio starts.
>
>
>
> Is there a reason for these results ?
>
>
>
> Thanks in advance for your answer.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
>
>
>
>
>
> _______________________________________________
>
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>
> sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>
>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda
> <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
> Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com <http://www.asipto.com>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20170405/d329478b/attachment-0001.html>
More information about the sr-users
mailing list