Bug 1206740
Summary: | On CentOS7.1 packstack --allinone fails to start Apache because of binding error on port 5000 | ||
---|---|---|---|
Product: | [Community] RDO | Reporter: | Dax Kelson <dkelson> |
Component: | openstack-selinux | Assignee: | Lon Hohberger <lhh> |
Status: | CLOSED EOL | QA Contact: | Ofer Blaut <oblaut> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | Juno | CC: | dkelson, lars, rhallise, ricardo.arguello, somlo, srevivo |
Target Milestone: | --- | ||
Target Release: | Kilo | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-19 15:59:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dax Kelson
2015-03-27 22:53:28 UTC
# semanage port -l | grep ^http_port_t http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 Running semanage port -m -t http_port_t -p tcp 5000 does get me past this error. Meta-question: I'm on F21, and encountered this after switching from the default repositories (which offer openstack-*-2014.1.*) to https://repos.fedorapeople.org/repos/openstack/openstack-juno/ (where everything seems to be at *-2014.2.*). Neither set of packages seems to really allow "packstack --allinone" install, but it sure would be nice if there were "One True Package Group" to file bugs against :) When reporting selinux bugs, it is tremendously helpful if you can attach the audit.log containing the selinux AVC messages to the bug report. Thanks! type=AVC msg=audit(1427732394.576:20642): avc: denied { name_bind } for pid=20847 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket permissive=0 This AVC was fixed in openstack-selinux-0.6.9-1.el7ost. https://bugzilla.redhat.com/show_bug.cgi?id=1180230. Are you sure you have the openstack-selinux package installed? I'm on fedora 21, and apparently there's no dedicated openstack-selinux package there. The problem is identical, though, and there was nothing RHEL specific in the metadata, so I figured this is the perfect spot to add my +1. If I'm wrong about that, please advise. Thanks ! (In reply to Ryan Hallisey from comment #5) > This AVC was fixed in openstack-selinux-0.6.9-1.el7ost. > https://bugzilla.redhat.com/show_bug.cgi?id=1180230. > > Are you sure you have the openstack-selinux package installed? # rpm -q openstack-selinux openstack-selinux-0.5.19-2.el7ost.noarch Which is the newest one available in: https://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/ Perhaps openstack-selinux-0.6.9-1.el7ost or newer should get pushed into that repo? Correct. We'll update the repo. This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen. |