Bug 1180230

Summary: Http needs the ability to talk to keystone
Product: Red Hat OpenStack Reporter: Ryan Hallisey <rhallise>
Component: openstack-selinuxAssignee: Ryan Hallisey <rhallise>
Status: CLOSED CURRENTRELEASE QA Contact: yeylon <yeylon>
Severity: unspecified Docs Contact:
Priority: urgent    
Version: 6.0 (Juno)CC: apevec, ebenes, lhh, lvrabec, markmc, mgrepl, mmagr, mmalik, nfritz, nkinder, rhallise, rmeggins, srevivo, ukalifon, yeylon
Target Milestone: ---Keywords: Tracking
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-selinux-0.6.9-1.el7ost Doc Type: Bug Fix
Doc Text:
Cause: Http types fail to talk to Keystone when SELinux is enabled. Consequence: Keystone fails to run. Fix: Add optional policy to fix this issue when running RHEL 7.1. Result: Http is able to interact with Keystone.
 Story Points: ---
Clone Of: 1138424 Environment:
Last Closed: 2015-08-17 19:56:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1111274, 1122764, 1122767    
Bug Blocks: 1123117, 1126594, 1154615, 1170218, 1170223, 1170224, 1170225, 1170370, 1170372    

Comment 1 Alan Pevec 2015-06-02 22:54:51 UTC 
Was this upstreamed to the Fedora selinux-policy?

For RDO Juno on Fedora I had to revert default to systemd service, otherwise default packstack fails with selinux enabled:  https://review.openstack.org/187208
Comment 3 Ryan Hallisey 2015-06-15 11:51:24 UTC 
Ya both those rules are in upstream selinux-policy.
Comment 4 Lon Hohberger 2015-08-17 19:56:55 UTC 
This has been resolved in RHEL OSP 6 for some time.