Description of problem: When running haproxy with the `nbthread` directive in the configuration selinux breaks the `http-request auth` functionality. Version-Release number of selected component (if applicable): haproxy-1.8.14 How reproducible: Always Steps to Reproduce: 1. git clone https://github.com/rbjorklin/selinux-haproxy-bug.git 2. ./setup29.sh 3. visit http://localhost:8080/ 4. enter credentials test/test Actual results: Credential popup keeps reappearing. Expected results: Proceeds to loading page correctly. Additional info: The above works when `setenforce 0` is executed. No selinux denials are created even with `semodule -DB`. The problem also appears under Fedora 28.
Could you collect SELinux denials, which appeared on your machine as result of the reproducer, and attach them here? # ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today The denials will help us understand where the problem is. Thank you.
I'm closing this one and setting haproxy as the target component instead of selinux-policy. Some further testing on my end showed that the problem did appear with selinux turned off after all. *** This bug has been marked as a duplicate of bug 1643941 ***