Running Asterisk with SELinux

December 6, 2023
I'm not fully certain how much SELinux improves security, but I get paid by the hour, so it does improve my paycheque. After compiling Asterisk on Oracle Linux 9, I observed that it would run well when started manually from the command line, but would not run as a service. The solution was:
sudo restorecon -rv /var/lib/asterisk
sudo restorecon -rv /etc/asterisk
Additionally, I observed that when using app_voicemail_odbc, Asterisk failed immediately before attempting to perform the INSERT into the database. The error was:
app_voicemail_odbc.c:4500 store_file: Memory map failed for sound file '/var/spool/asterisk/voicemail/default/100/unavail.sln'
I used Google to search for this error and found exactly one result which was the Asterisk source. The solution that I came up with on my own, by inspecting sudo getsebool -a | grep mmap:
sudo setsebool domain_can_mmap_files on
If ever you're troubleshooting something that is failing for no apparent reason, check SELinux first.
sudo setenforce Permissive
sestatus
Re-run your command. If it now works, SELinux is the cause. You can inspect the audit log to see if it gives you any information with which to solve the problem:
sudo tail /var/log/audit/audit.log
I suppose you should re-enable SELinux after completing your testing.
sudo setenforce Enforcing
sestatus
Name: Email: (Required only if you want a reply.) Comment: