Back to bug 1325623

Who When What Removed Added
Emilien Macchi 2016-04-10 12:41:31 UTC CC lhh, mgrepl
Component openstack-cinder openstack-selinux
Assignee eharney rhallise
QA Contact nlevinki ushkalim
Ofer Blaut 2016-04-11 06:21:21 UTC CC oblaut
Ryan Hallisey 2016-04-12 13:25:37 UTC CC hguemar
Attachment #1146169 Attachment is obsolete 0 1
Fixed In Version openstack-selinux-0.7.1-1.el7ost
Ryan Hallisey 2016-04-12 13:25:55 UTC Status NEW MODIFIED
Ryan Hallisey 2016-04-12 21:58:18 UTC Fixed In Version openstack-selinux-0.7.1-1.el7ost openstack-selinux-0.7.2-1.el7ost
errata-xmlrpc 2016-04-14 19:28:06 UTC Status MODIFIED ON_QA
Jason Joyce 2016-04-14 19:36:10 UTC Status ON_QA MODIFIED
John Skeoch 2016-04-18 07:54:44 UTC CC yeylon srevivo
Perry Myers 2016-04-19 00:43:38 UTC CC pmyers
errata-xmlrpc 2016-05-04 13:07:17 UTC Status MODIFIED ON_QA
Udi Shkalim 2016-05-31 16:05:33 UTC Status ON_QA VERIFIED
Ryan Hallisey 2016-07-19 20:01:17 UTC Doc Text Cause: Cinder API in WSGI with Apache is generating AVCs.

Consequence: Cinder API fails to run.

Fix: Allow httpd to open the Cinder API log file.

Result: Cinder API in WSGI runs without AVCs.
errata-xmlrpc 2016-08-11 01:51:16 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2016-08-11 12:15:59 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2016-08-11 08:15:59 UTC
Deepti Navale 2016-08-17 00:39:46 UTC CC dnavale
Doc Text Cause: Cinder API in WSGI with Apache is generating AVCs.

Consequence: Cinder API fails to run.

Fix: Allow httpd to open the Cinder API log file.

Result: Cinder API in WSGI runs without AVCs. 		Previously, running the Block Storage API in WSGI with Apache and SELinux in the 'enforce' mode resulted in an AVC, as SELinux prevented the '/usr/sbin/httpd' from access to the '/var/log/cinder/cinder-api.log' file.

With this update, 'httpd' is allowed access to the Block Storage API log file. As a result, the Block Storage API in WSGI runs without AVCs.

Back to bug 1325623