Bug 1049091
Summary: | openstack-selinux blocks communication from dashboard to identity service | ||
---|---|---|---|
Product: | [Community] RDO | Reporter: | Tom Fifield <tom> |
Component: | openstack-selinux | Assignee: | Ryan Hallisey <rhallise> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ofer Blaut <oblaut> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | lars, mgrepl, tom, yeylon |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-30 23:00:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tom Fifield
2014-01-07 01:02:50 UTC
Can you confirm if you still see this behavior with the latest Havana RDO packages? Can you attach the full /var/log/audit/audit.log file? Also, test again in permissive (setenforce 0) so I can see all the denials because there may be more. We have tunable_policy(`httpd_use_openstack',` corenet_tcp_connect_keystone_port(httpd_sys_script_t) corenet_tcp_connect_all_ephemeral_ports(httpd_t) corenet_tcp_connect_glance_port(httpd_sys_script_t) corenet_tcp_connect_osapi_compute_port(httpd_sys_script_t) ') tunable_policy(`httpd_use_openstack',` corenet_tcp_connect_osapi_compute_port(httpd_t) ') so we need to add additional rules. Actually we have tunable_policy(`httpd_use_openstack',` corenet_tcp_connect_commplex_port(httpd_sys_script_t) corenet_tcp_connect_glance_port(httpd_sys_script_t) ') in RHEL6. Which scripts does it cause? The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |