Bug 1105579
Summary: | Keystone cannot send notifications | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Adam Young <ayoung> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Karel Srot <ksrot> |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | 7.0 | CC: | ayoung, lhh, mgrepl, mmalik, nkinder, rhallise, srevivo, yeylon |
Target Milestone: | pre-dev-freeze | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | selinux-policy-3.13.1-2.el7 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | 1105357 | Environment: | |
Last Closed: | 2015-03-05 10:39:28 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1105357 | | |
Bug Blocks: | | | |
Description
Adam Young
2014-06-06 12:44:16 UTC
    sudo audit2allow -a

Shows

    #============= keystone_t ==============
    allow keystone_t amqp_port_t:tcp_socket name_connect;

To be complete, it should also be allowed to communicate with a ZeroMQ service. I don't know if policy has a label for that, as it is on port 9501 whereas AMQP is on 5672

    #============= keystone_t ==============
    allow keystone_t amqp_port_t:tcp_socket name_connect;

    #============= neutron_t ==============
    allow neutron_t tmp_t:dir create;

neutron rule should be covered by:

    manage_files_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
    manage_dirs_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
    files_tmp_filetrans(neutron_t, neutron_tmp_t, { file dir })

    $ sesearch -A -s keystone_t -t amqp_port_t
    Found 5 semantic av rules:
       allow keystone_t amqp_port_t : tcp_socket name_connect ;

    $ seinfo -xtneutron_tmp_t
       neutron_tmp_t
          file_type
          non_security_file_type
          polymember
          non_auth_file_type
          tmpfile
       Aliases
          quantum_tmp_t

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0458.html

Has been fixed and tested via Tempest
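
The following is an added example, not part of the bug report and not audit2allow's own code: it shows how AVC denial records reduce to the allow rules quoted in the thread, and marks rules on generic types such as `tmp_t`, the case the thread resolves with `neutron_tmp_t` and `files_tmp_filetrans` instead of a direct allow. The log records are constructed samples, and the `GENERIC_TARGETS` list is an assumption made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not from the bug report); pid, comm and
# name values are made up, the SELinux types and port match the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1402058656.101:411): avc:  denied  { name_connect } for  pid=2101 comm="keystone-all" dest=5672 scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1402058660.204:415): avc:  denied  { create } for  pid=2240 comm="neutron-server" name="tmpAbc123" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1402058661.310:416): avc:  denied  { name_connect } for  pid=2101 comm="keystone-all" dest=5672 scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket
"""

# Pull permissions, source type, target type and object class out of a record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

# Assumption for this example: types shared by many domains, where a direct
# allow rule is broader than a private type plus a file transition.
GENERIC_TARGETS = {"tmp_t", "var_t", "etc_t"}

def denials_to_rules(log_text):
    """Group denials as {source_type: {(target_type, class): {perms}}}."""
    rules = defaultdict(lambda: defaultdict(set))
    for m in AVC_RE.finditer(log_text):
        rules[m["src"]][(m["tgt"], m["cls"])].update(m["perms"].split())
    return rules

def render(rules):
    """Render grouped denials in audit2allow-style text, one rule per line."""
    out = []
    for src in sorted(rules):
        out.append(f"#============= {src} ==============")
        for (tgt, cls), perms in sorted(rules[src].items()):
            p = sorted(perms)
            perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
            line = f"allow {src} {tgt}:{cls} {perm_txt};"
            if tgt in GENERIC_TARGETS:
                line += "  # generic type: prefer a private type and a transition"
            out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(render(denials_to_rules(SAMPLE_AUDIT_LOG)))
```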