diff --git a/scripts/wsrep_sst_common.sh b/scripts/wsrep_sst_common.sh index f23707c497a..db6415b5d1e 100644 --- a/scripts/wsrep_sst_common.sh +++ b/scripts/wsrep_sst_common.sh @@ -1230,6 +1230,13 @@ check_sockets_utils() lsof_available=0 sockstat_available=0 ss_available=0 + raw_socket_check=0 + + if [ -n "$(commandex selinuxenabled)" ] && selinuxenabled; then + raw_socket_check=1 + wsrep_log_info "/proc/net/tcp{,6} is being used directly to avoid excessive selinux AVC notices" + return 0 + fi socket_utility="$(commandex ss)" if [ -n "$socket_utility" ]; then @@ -1298,7 +1305,11 @@ check_port() local rc=2 # ENOENT - if [ $ss_available -ne 0 ]; then + if [ $raw_socket_check -ne 0 ]; then + for key in $(awk -v p="$port" 'BEGIN { hex_port = sprintf(":%04X", p) } $2 ~ hex_port && $4 == "0A" { print $10 }' /proc/net/tcp /proc/net/tcp6); do + return 0 + done + elif [ $ss_available -ne 0 ]; then $socket_utility $ss_opts -t "( sport = :$port )" 2>/dev/null | \ grep -q -E "[[:space:]]users:[[:space:]]?\\(.*\\(\"($utils)[^[:space:]]*\"[^)]*,pid=$pid(,[^)]*)?\\)" && rc=0 elif [ $sockstat_available -ne 0 ]; then diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh index 361cef4a9fc..5b7efbf3b60 100644 --- a/scripts/wsrep_sst_rsync.sh +++ b/scripts/wsrep_sst_rsync.sh @@ -105,7 +105,9 @@ check_pid_and_port() local final if ! check_port $pid "$port" "$utils"; then - if [ $ss_available -ne 0 -o $sockstat_available -ne 0 ]; then + if [ $raw_socket_check -ne 0 ]; then + return 1 + elif [ $ss_available -ne 0 -o $sockstat_available -ne 0 ]; then if [ $ss_available -ne 0 ]; then port_info=$($socket_utility $ss_opts -t "( sport = :$port )" 2>/dev/null | \ grep -E '[[:space:]]users:[[:space:]]?\(' | \ @@ -163,7 +165,10 @@ check_pid_and_port() fi fi - check_pid "$pid_file" && [ $CHECK_PID -eq $pid ] + if [ $raw_socket_check -ne 0 ]; then + return 0 + fi + check_pid "$pid_file" && [ "$CHECK_PID" -eq "$pid" ] } get_binlog