[SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings problem
Daniel-Constantin Mierla
miconda at gmail.com
Wed Apr 5 14:22:18 CEST 2017
Hello,
is kamailio already running there?
Cheers,
Daniel
On 05.04.17 14:12, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> I have downloaded and installed only the new rpm :
> kamailio-5.0.0-10.1.x86_64.rpm. Is it enough ?
>
> Then I try to start Kamailio that fails :
>
>
>
> [root at vm-vse02-siprouter2 kamailio]# service kamailio start
>
> Starting kamailio (via systemctl): Job for kamailio.service failed.
> See 'systemctl status kamailio.service' and 'journalctl -xn' for details.
>
> [FAILED]
>
> [root at vm-vse02-siprouter2 kamailio]#
>
> [root at vm-vse02-siprouter2 kamailio]#
>
> [root at vm-vse02-siprouter2 kamailio]# systemctl status kamailio.service -l
>
> kamailio.service - SYSV: Kamailio is a fast, reliable and flexible SIP
> Server.
>
> Loaded: loaded (/etc/rc.d/init.d/kamailio)
>
> Active: failed (Result: exit-code) since Wed 2017-04-05 13:58:33
> CEST; 4s ago
>
> Process: 4724 ExecStop=/etc/rc.d/init.d/kamailio stop (code=exited,
> status=0/SUCCESS)
>
> Process: 4867 ExecStart=/etc/rc.d/init.d/kamailio start
> (code=exited, status=1/FAILURE)
>
> Main PID: 2946 (code=exited, status=0/SUCCESS)
>
>
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4878]: DEBUG: <core>
> [core/route_struct.c:129]: mk_action(): ACTION_#63 #0/2: 21(15)/
> 0x7fdd400f638 8
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4878]: DEBUG: <core>
> [core/route_struct.c:129]: mk_action(): ACTION_#63 #1/2: 22(16)/
> 0x7fdd400f588 8
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4878]: DEBUG: <core>
> [core/pvapi.c:321]: pv_cache_lookup(): pvar [$var(i:NodePath)] found
> in cache
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4878]: WARNING: <core>
> [core/cfg.y:3378]: warn_at(): warning in config file
> //etc/kamailio/kamailio .cfg, line 978, column 6-13:
> constant value in if(...)
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4878]: INFO: <core>
> [core/sctp_core.c:75]: sctp_core_check_support(): SCTP API not enabled
> - if you want to use it, load sctp module
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4880]: CRITICAL: <core>
> [core/daemonize.c:345]: daemonize(): running process found in the pid
> file /var/run/kamailio/kamailio.pid
>
> Apr 05 13:58:33 vm-vse02-siprouter2 kamailio[4867]: Starting kamailio:
>
> Apr 05 13:58:33 vm-vse02-siprouter2 systemd[1]: kamailio.service:
> control process exited, code=exited status=1
>
> Apr 05 13:58:33 vm-vse02-siprouter2 systemd[1]: Failed to start SYSV:
> Kamailio is a fast, reliable and flexible SIP Server..
>
> Apr 05 13:58:33 vm-vse02-siprouter2 systemd[1]: Unit kamailio.service
> entered failed state.
>
>
>
> I get also a strange result when I try to start Kamailio using the
> service Kamailio command, that is nothing happen, the server doesn’t
> give a status :
>
>
>
> [root at vm-vse02-siprouter2 ~]# service kamailio start
>
> Starting kamailio (via systemctl): ^C
>
>
>
> I have to send a CTRL C to break the action.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Envoyé :* mercredi 5 avril 2017 13:45
> *À :* Ginhoux, Patrick <patrick.ginhoux at fr.unisys.com>; Kamailio (SER)
> - Users Mailing List <sr-users at lists.sip-router.org>; Kamailio (SER) -
> Users Mailing List <sr-users at lists.kamailio.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings problem
>
>
>
> Hello,
>
> apparently the /var/run/kamailio folder was not created by the init.d
> script for rpm, as it is done in the deb specs. I updated it and
> triggered a rebuild of rpms, available at:
>
> https://build.opensuse.org/package/show/home:kamailio:v5.0.x-rpms/kamailio50
>
> Try to upgrade and then see if it works.
>
> Later today we will release v5.0.1 and the rpms for it will have the
> new init.d script.
>
> Cheers,
> Daniel
>
>
>
> On 03.04.17 15:01, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> I use « service kamailio start », so the init.d script that is the
> one created at the installation.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*sr-users [mailto:sr-users-bounces at lists.sip-router.org] *De
> la part de* Daniel-Constantin Mierla
> *Envoyé :* lundi 3 avril 2017 14:56
> *À :* Kamailio (SER) - Users Mailing List
> <sr-users at lists.kamailio.org> <mailto:sr-users at lists.kamailio.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME settings
> problem
>
>
>
> Hello,
>
> how do you start Kamailio? Via init.d/systemd script?
>
> Cheers,
> Daniel
>
>
>
> On 03.04.17 14:34, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> Selinux is disabled.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Envoyé :* lundi 3 avril 2017 14:33
> *À :* Ginhoux, Patrick <patrick.ginhoux at fr.unisys.com>
> <mailto:patrick.ginhoux at fr.unisys.com>; Kamailio (SER) - Users
> Mailing List <sr-users at lists.sip-router.org>
> <mailto:sr-users at lists.sip-router.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME
> settings problem
>
>
>
> Hello,
>
> have you disabled selinux to see if starts ok without it?
>
> Cheers,
> Daniel
>
>
>
> On 03.04.17 13:54, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> Well, with one of my colleagues, we did some research and
> test, but we don’t find where the privilege issue is with
> the /var/ FS.
>
> If the fifo filename is
> "/var/run/kamailio/kamailio_rpc_fifo" or
> "/var/run/kamailio_rpc_fifo", we have this privilege issue.
>
> I thought that the following declaration would prevent
> this security issue :
>
> modparam("jsonrpcs", "fifo_name", DEFINE_FIFO_NAME)
>
> modparam("jsonrpcs", "fifo_mode", 0755)
>
> modparam("jsonrpcs", "fifo_group", "kamailio")
>
> modparam("jsonrpcs", "fifo_user", "kamailio")
>
> but it is not the case.
>
>
>
> For the moment only the fifo filename
> “/tmp/kamailio_rpc_fifo" is valid for kamailio to start.
>
>
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Ginhoux, Patrick
> *Envoyé :* lundi 27 mars 2017 17:46
> *À :* 'miconda at gmail.com <mailto:miconda at gmail.com>'
> <miconda at gmail.com> <mailto:miconda at gmail.com>; Kamailio
> (SER) - Users Mailing List <sr-users at lists.sip-router.org>
> <mailto:sr-users at lists.sip-router.org>
> *Objet :* RE: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME
> settings problem
>
>
>
> Hi,
>
>
>
> I continue to investigate on this area.
>
>
>
> I’m thinking that there are some security settings on the
> FS /var/, and I’m looking for if we have the rights to
> change it (I work for a project and don’t have all the
> ability to change some settings without agreement).
>
>
>
> I’ll update you later tomorrow.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Envoyé :* lundi 27 mars 2017 15:28
> *À :* Ginhoux, Patrick <patrick.ginhoux at fr.unisys.com
> <mailto:patrick.ginhoux at fr.unisys.com>>; Kamailio (SER) -
> Users Mailing List <sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>>
> *Objet :* Re: [SR-Users] RPCFIFOPATH / DEFINE_FIFO_NAME
> settings problem
>
>
>
> Hello,
>
> as recently as last week, someone encountered an file
> access problem while installing Siremis, which is using
> also some temporary files in /var/, even it was granting
> provileges via chown and chmod. All went fine after
> disabling selinux. It was on a centos.
>
> I am not saying it is the same, but it could, so try
> without centos to see if the issue persists.
>
> Cheers,
> Daniel
>
>
>
> On 27/03/2017 15:10, Ginhoux, Patrick wrote:
>
> Hi,
>
>
>
> This is the RHEL 7.1 distro, and there is use of
> selinux, apparmor or other tools.
>
>
>
> Are you meaning that the /var/run/ folder would be
> secured more than other folders?
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
> *De :*sr-users
> [mailto:sr-users-bounces at lists.sip-router.org] *De la
> part de* Daniel-Constantin Mierla
> *Envoyé :* lundi 27 mars 2017 13:52
> *À :* Kamailio (SER) - Users Mailing List
> <sr-users at lists.sip-router.org>
> <mailto:sr-users at lists.sip-router.org>
> *Objet :* Re: [SR-Users] RPCFIFOPATH /
> DEFINE_FIFO_NAME settings problem
>
>
>
> Hello,
>
> kamailio should attempt to create the
> /var/run/kamailio folder if the application is run
> with enough privileges. However, some operating
> systems add more constraints on top of the execution user.
>
> What is your OS distro? Do you have selinux, apparmor
> or other similar tools enabled?
>
> Cheers,
> Daniel
>
>
>
> On 24/03/2017 17:52, Ginhoux, Patrick wrote:
>
> In my ‘kamctlrc’ file :
>
>
>
> ## path to FIFO file for engine RPCFIFO
>
> RPCFIFOPATH="/var/run/kamailio/kamailio_rpc_fifo"
>
> #RPCFIFOPATH="/tmp/kamailio_rpc_fifo"
>
>
>
> In my ‘kamailio.cfg’ :
>
>
>
> !!ifndef DEFINE_FIFO_NAME
>
> !!define DEFINE_FIFO_NAME
> "/var/run/kamailio/kamailio_rpc_fifo"
>
> !!endif
>
>
>
>
>
> modparam("jsonrpcs", "pretty_format", 1)
>
> modparam("jsonrpcs", "transport", 2)
>
> modparam("jsonrpcs", "fifo_name", DEFINE_FIFO_NAME)
>
> modparam("jsonrpcs", "fifo_mode", 0755)
>
> modparam("jsonrpcs", "fifo_group", "kamailio")
>
> modparam("jsonrpcs", "fifo_user", "kamailio")
>
>
>
>
>
> kamailio doesn’t start. It reports ‘Permission
> denied’ :
>
>
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1138]: ERROR: jsonrpcs
> [jsonrpcs_fifo.c:144]: jsonrpc_init_fifo_server():
> Can't create FIFO: Permission denied (mode=493)
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1138]: CRITICAL: jsonrpcs
> [jsonrpcs_fifo.c:489]: jsonrpc_fifo_process():
> failed to init jsonrpc fifo server
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1120]: ALERT: <core>
> [main.c:741]: handle_sigs(): child process 1138
> exited normally, status=255
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1130]: DEBUG: <core>
> [core/sr_module.c:920]: init_mod_child(): rank 4: tm
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1137]: DEBUG: <core>
> [core/sr_module.c:920]: init_mod_child(): rank -1: tm
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1127]: DEBUG: htable
> [htable.c:226]: child_init(): rank is (1)
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1120]: INFO: <core>
> [main.c:759]: handle_sigs(): terminating due to
> SIGCHLD
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1139]: DEBUG: <core>
> [core/sr_module.c:920]: init_mod_child(): rank -2: kex
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1130]: DEBUG: tm
> [callid.c:137]: child_init_callid(): callid:
> '15b1f0d63a718465-1130 at 129.227.83.108
> <mailto:15b1f0d63a718465-1130 at 129.227.83.108>'
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1137]: DEBUG: tm
> [callid.c:137]: child_init_callid(): callid:
> '15b1f0d63a718465-1137 at 129.227.83.108
> <mailto:15b1f0d63a718465-1137 at 129.227.83.108>'
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1127]: DEBUG: <core>
> [core/action.c:1656]: run_child_one_init_route():
> attempting to run event_route[core:worker-one-init]
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1136]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1135]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1134]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1133]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1132]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1131]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1129]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1128]: INFO: <core>
> [main.c:814]: sig_usr(): signal 15 received
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1120]: ERROR: ctl [ctl.c:387]:
> mod_destroy(): ERROR: ctl: could not delete unix
> socket /var/run/kamailio//kamailio_ctl: Permission
> denied (13)
>
> Mar 24 17:31:21 localhost
> /usr/sbin/kamailio[1120]: ERROR: jsonrpcs
> [jsonrpcs_fifo.c:595]: jsonrpc_fifo_destroy():
> FIFO stat failed: Permission denied
>
>
>
> If I replace the values in the 2 files as
> appropriate :
>
>
>
> In the ‘kamctlrc”
> toRPCFIFOPATH="/tmp/kamailio_rpc_fifo"
>
>
>
> In the ‘kamailio.cfg” to!!define DEFINE_FIFO_NAME
> "/tmp/kamailio_rpc_fifo"
>
>
>
> Then kamailo starts :
>
>
>
> [root at vm-vse02-siprouter1 ~]# ps -ef |grep kam
>
> kamailio 1235 1 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1236 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1237 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1238 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1239 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1240 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1241 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1242 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1243 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1244 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1245 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1246 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1247 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> kamailio 1248 1235 0 17:37 ? 00:00:00
> /usr/sbin/kamailio -P /var/run/kamailio.pid -m
> 1024 -M 8 -u kamailio -g kamailio
>
> root 1251 1165 0 17:37 pts/0 00:00:00
> grep --color=auto kam
>
>
>
> and I can get result from kamctl/kamcmd commands :
>
> [root at vm-vse02-siprouter1 ~]# kamctl dispatcher dump
>
> which: no gdb in
> (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/)
>
> {
>
> "jsonrpc": "2.0",
>
> "result": {
>
> "NRSETS": 1,
>
> "RECORDS": [{
>
> "SET": {
>
> "ID": 1,
>
> "TARGETS": [{
>
> "DEST": {
>
> "URI":
> "sip:cs1-tool-misc.orange-voicemail.net:5060"
> <sip:cs1-tool-misc.orange-voicemail.net:5060>,
>
> "FLAGS": "AP",
>
> "PRIORITY": 0
>
> }
>
> }]
>
> }
>
> }]
>
> },
>
> "id": 1301
>
> }
>
> [root at vm-vse02-siprouter1 ~]# kamcmd dispatcher.list
>
> {
>
> NRSETS: 1
>
> RECORDS: {
>
> SET: {
>
> ID: 1
>
> TARGETS: {
>
> DEST: {
>
> URI:
> sip:cs1-tool-misc.orange-voicemail.net:5060
>
> FLAGS: AP
>
> PRIORITY: 0
>
> }
>
> }
>
> }
>
> }
>
> }
>
>
>
>
>
> Now, if I change the fifo patch and name to
> “/var/run/kamailio/kamailio_rpc_fifo’ and apply
> the following rights on /var/run/ to:
>
>
>
> chmod 755 kamalio/
>
> chown + kamailio:kamailio kamailio/
>
>
>
> then kamailio starts.
>
>
>
> Is there a reason for these results ?
>
>
>
> Thanks in advance for your answer.
>
>
>
> Cordialement
>
> Patrick GINHOUX
>
>
>
>
>
>
>
>
>
> _______________________________________________
>
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>
> sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>
>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda
> <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda
> <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
>
> --
>
> Daniel-Constantin Mierla
>
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>
> Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com <http://www.asipto.com>
>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
>
>
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
> Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com <http://www.asipto.com>
> Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com <http://www.kamailioworld.com>
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20170405/0737073e/attachment.html>
More information about the sr-users
mailing list