Switching SELinux to enforcing mode in production

SELinux (Security-Enhanced Linux) is weird. It comes bundled with Amazon Linux and CentOS Linux but is in Disabled mode by default. You can check using the getenforce command like this:

[ec2-user@ip-172-31-26-55 ~]$ getenforce
Disabled

You can also run SELinux in Permissive mode, which just means that it logs to /var/log/audit/audit.log the things that it would block if it were in Enforcing mode.

Switching SELinux to Enforcing mode in production is not something you should do lightly. It can cause things to break in mysterious ways.
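
One way to see what would break before switching is to summarize the denials that Permissive mode has logged. The following is an added example, not code from the original post: it parses AVC denial records of the kind written to /var/log/audit/audit.log and counts them per process, source type, target type, object class and permission. The sample records, the process name and the SELinux types in them are constructed for illustration.

```python
import re
from collections import Counter

# Shape of an SELinux AVC denial record as it appears in audit.log.
AVC_RE = re.compile(r"type=AVC\b.*?avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    # A context is user:role:type[:level]; policy rules are written against the type.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group(1).split(),
        "comm": fields.get("comm", "?"),
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        # permissive=1 means logged but allowed; False if the field is 0 or absent.
        "logged_only": fields.get("permissive") == "1",
    }

def summarize(lines):
    """Count denials per (comm, source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        for perm in rec["perms"]:
            counts[(rec["comm"], rec["source"], rec["target"], rec["tclass"], perm)] += 1
    return counts

# Constructed sample records (not from a real host).
SAMPLE = [
    'type=AVC msg=audit(1550000000.101:201): avc:  denied  { read open } for  pid=2101 comm="java" path="/home/ec2-user/app/app.log" dev="xvda1" ino=5001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1',
    'type=AVC msg=audit(1550000001.202:202): avc:  denied  { read } for  pid=2101 comm="java" name="app.log" dev="xvda1" ino=5001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1',
    'type=AVC msg=audit(1550000002.303:203): avc:  denied  { name_connect } for  pid=2101 comm="java" dest=5432 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1',
    'type=SYSCALL msg=audit(1550000002.303:203): arch=c000003e syscall=42 success=yes exit=0 comm="java"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

To run it against a real host, pass an open file handle for /var/log/audit/audit.log to summarize() in place of SAMPLE.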


Launching a Clojure Socket REPL inside a Spring Boot Java application

Launching a Clojure Socket REPL inside Spring Boot

In your pom.xml for Maven:

<dependency>
  <groupId>org.clojure</groupId>
  <artifactId>clojure</artifactId>
  <version>1.10.0</version>
</dependency>

At the top of your App.java file:

import clojure.java.api.Clojure;
import clojure.lang.IFn;

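Then, just after app.run() in your main method, add the following. Loading any Clojure var initializes the Clojure runtime, and the runtime starts the socket REPL server when the JVM was launched with a clojure.server.* system property that configures it: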

 // Load Clojure to trigger starting of socket REPL server
 IFn plus = Clojure.var("clojure.core", "+");
 System.out.println("Clojure loaded! 1 + 2 = " + plus.invoke(1, 2).toString());

Thanks to the helpful folks in this forum thread: https://clojureverse.org/t/attaching-a-repl-to-an-arbitrary-java-application/2462/4

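You can then nc localhost 5555 and mess around like so. The socket REPL has no authentication, so anyone who can reach that port can run code inside the application; keep it bound to the loopback address, which is the default.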

(def ctx (com.example.commons.ApplicationContextProvider/getApplicationContext))

(def service (.getBean ctx com.example.service.impl.SmsService))
(.sendMessage service "61400000000" "hello from repl")

(def ds (.getBean ctx "dataSource"))