Bug 1134617
| Summary: | nova-api service denied tmpfs access | ||
|---|---|---|---|
| Product: | [Community] RDO | Reporter: | Alan Pevec <apevec> |
| Component: | openstack-selinux | Assignee: | Ryan Hallisey <rhallise> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ofer Blaut <oblaut> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | yeylon |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.12.1-183.fc20.noarch | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-03-30 23:09:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I think this has been fixed in selinux-policy selinux-policy-3.12.1-183.fc20.noarch #!!!! This avc is allowed in the current policy allow nova_api_t tmpfs_t:filesystem getattr; |
Description of problem: RDO Juno Nova fails to start, error reported in nova-api.log is OSError: [Errno 38] Function not implemented in openstack/common/lockutils.py audit.log shows: avc: denied { getattr } for pid=25567 comm="nova-api" name="/" dev="tmpfs" ino=7282 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem openstack-selinux from RDO Icehouse does not help Version-Release number of selected component (if applicable): openstack-nova-api-2014.2-0.1.b2.el7.centos.noarch openstack-selinux-0.5.4-1.el7ost.noarch