Bug 1170223
| Summary: | Need selinux policy for OpenStack Keystone running in Apache with mod_wsgi | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rich Megginson <rmeggins> | ||||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
| Severity: | urgent | Docs Contact: | |||||||||
| Priority: | urgent | ||||||||||
| Version: | 21 | CC: | apevec, dominick.grift, dwalsh, ebenes, extras-qa, lvrabec, markmc, mgrepl, mmagr, mmalik, nfritz, nkinder, plautrba, rmeggins, ukalifon, yeylon | ||||||||
| Target Milestone: | --- | Keywords: | Reopened, Tracking | ||||||||
| Target Release: | --- | ||||||||||
| Hardware: | All | ||||||||||
| OS: | Linux | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | selinux-policy-3.13.1-105.19.fc21 | Doc Type: | Bug Fix | ||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | 1170218 | ||||||||||
| : | 1170224 (view as bug list) | Environment: | |||||||||
| Last Closed: | 2015-07-14 15:50:19 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Bug Depends On: | 1111274, 1122764, 1122767, 1138424, 1170218, 1180230 | ||||||||||
| Bug Blocks: | 1123117, 1126594, 1154615, 1170224, 1170225, 1170370, 1170372 | ||||||||||
| Attachments: |
|
||||||||||
|
Comment 1
Rich Megginson
2015-04-07 14:26:45 UTC
Created attachment 1011795 [details]
audit.log httpd related messages
Created attachment 1011796 [details]
audit2allow -a -w output
Created attachment 1011797 [details]
audit2allow -a -R output
We need this fixed ASAP as it is causing a lot of problems for people trying to deploy OpenStack on F21. Hi, Do you have some reproducer? https://www.rdoproject.org/Quickstart Use the Kilo repo for f21: https://repos.fedorapeople.org/repos/openstack/openstack-kilo/rdo-release-kilo-0.noarch.rpm Failed again: https://bugzilla.redhat.com/show_bug.cgi?id=1207098#c20 commit f6fdaaaba8065f3f727f1360bd505cd78b154c21
Author: Miroslav Grepl <mgrepl>
Date: Tue May 12 10:21:03 2015 +0200
Allow cinder-backup to dbus chat with systemd-logind. BZ(1207098)
commit d7d35ca3d310bb042e7d51565edb1d1b9e162436
Author: Miroslav Grepl <mgrepl>
Date: Tue May 12 10:14:26 2015 +0200
Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
selinux-policy-3.13.1-105.18.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.18.fc21 Package selinux-policy-3.13.1-105.18.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.18.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10708/selinux-policy-3.13.1-105.18.fc21 then log in and leave karma (feedback). selinux-policy-3.13.1-105.19.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.19.fc21 selinux-policy-3.13.1-105.19.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. |