Bug 1099040

Summary: Neutron is unable to create directory in /tmp
Product: Red Hat OpenStack
Component: openstack-selinux
Version: unspecified
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: unspecified
Reporter: Ihar Hrachyshka <ihrachys>
Assignee: Solly Ross <sross>
QA Contact: Ami Jeain <ajeain>
CC: chrisw, dallan, ihrachys, lhh, mgrepl, mmagr, nyechiel, rhallise, yeylon
Target Release: 5.0 (RHEL 6)
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Clone Of: 1098524
Last Closed: 2014-06-12 18:49:24 UTC
Bug Depends On: 1098524, 1099042, 1099044

Comment 2 Ryan Hallisey 2014-06-04 14:52:06 UTC
Can you duplicate this in permissive and attach your /var/log/audit/audit.log file?

There may be more denials than this, and permissive should catch them all.

Comment 3 Ihar Hrachyshka 2014-06-04 15:16:09 UTC
I'm not the one who originally reported the bug (it's just cloned here by me).

Comment 4 Ryan Hallisey 2014-06-04 17:10:23 UTC
Given the current AVC, here is the fix:

allow neutron_t tmp_t:dir create;

Add to SELinux policy for RHEL 6.6.

What do you think, mgrepl?

Comment 5 Miroslav Grepl 2014-06-06 12:26:57 UTC
No. We have


manage_files_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
manage_dirs_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
files_tmp_filetrans(neutron_t, neutron_tmp_t, { file dir })

rules which cover it.
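
The reasoning in Comment 5, as an added example that is not part of the original thread or of the shipped policy: a simplified Python model of how the type transition from files_tmp_filetrans relabels a new directory under /tmp, so the create check lands on neutron_tmp_t rather than tmp_t. The type names come from the thread; the function names and the trimmed permission sets are assumptions, and the filesystem associate check is left out.

```python
# Simplified model of the SELinux checks behind mkdir() in /tmp.
# Permission sets are trimmed assumptions, not full macro expansions.

# type_transition rules: (source, parent dir type, class) -> new object type.
# files_tmp_filetrans(neutron_t, neutron_tmp_t, { file dir }) contributes these.
FILETRANS = {
    ("neutron_t", "tmp_t", "file"): "neutron_tmp_t",
    ("neutron_t", "tmp_t", "dir"): "neutron_tmp_t",
}

# allow rules: (source, target, class) -> granted permissions.
ALLOW = {
    # files_tmp_filetrans also lets the domain add entries to /tmp itself.
    ("neutron_t", "tmp_t", "dir"): {"search", "write", "add_name", "remove_name"},
    # manage_dirs_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
    ("neutron_t", "neutron_tmp_t", "dir"): {
        "create", "search", "write", "add_name", "remove_name", "rmdir"},
    # manage_files_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
    ("neutron_t", "neutron_tmp_t", "file"): {
        "create", "open", "read", "write", "unlink"},
}


def checks_for_create(source, parent_type, tclass, filetrans):
    """Return (label of the new object, list of permission checks)."""
    # Without a matching type_transition the object inherits the parent's type.
    new_type = filetrans.get((source, parent_type, tclass), parent_type)
    checks = [
        (source, parent_type, "dir", "search"),
        (source, parent_type, "dir", "write"),
        (source, parent_type, "dir", "add_name"),
        (source, new_type, tclass, "create"),
    ]
    return new_type, checks


def denials(source, parent_type, tclass, filetrans, allow):
    """Checks that no allow rule grants, i.e. what would show up as AVCs."""
    _, checks = checks_for_create(source, parent_type, tclass, filetrans)
    return [(s, t, c, p) for (s, t, c, p) in checks
            if p not in allow.get((s, t, c), set())]


if __name__ == "__main__":
    print("with filetrans:   ", denials("neutron_t", "tmp_t", "dir", FILETRANS, ALLOW))
    print("without filetrans:", denials("neutron_t", "tmp_t", "dir", {}, ALLOW))
```

In this model the only way to get a denial on tmp_t:dir create is for the transition rule to be missing, in which case the new directory keeps the generic tmp_t label.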

Comment 6 Lon Hohberger 2014-06-12 18:49:24 UTC
This is the RHEL6 clone which should be covered by existing policy - so closing.