Bug 1230900

Summary: selinux denies neutron-rootwrap to read sudodb
Product: Red Hat OpenStack
Reporter: Jakub Libosvar <jlibosva>
Component: openstack-selinux
Assignee: Lon Hohberger <lhh>
Status: CLOSED ERRATA
QA Contact: Eran Kuris <ekuris>
Severity: urgent
Priority: urgent
Version: 7.0 (Kilo)
CC: amuller, chrisw, dsneddon, ihrachys, jlibosva, lhh, lmartins, mandreou, mburns, mcornea, mgrepl, nyechiel, oblaut, rhel-osp-director-maint, rlandy, yeylon
Target Milestone: ga
Keywords: Automation, Regression
Target Release: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-selinux-0.6.32-1.el7ost
Doc Type: Bug Fix
Clone Of: 1230438
Last Closed: 2015-08-05 13:26:10 UTC
Type: Bug
Bug Depends On: 1230438
Bug Blocks: 1228096

Comment 1 Lon Hohberger 2015-06-12 15:41:17 UTC
There are a couple of issues. First, this may require policy changes:

https://bugzilla.redhat.com/show_bug.cgi?id=1230438#c13

Second, neutron-rootwrap-daemon is the wrong file context, which can be fixed in the bugzilla spec file.

Comment 3 Ihar Hrachyshka 2015-06-15 11:24:34 UTC
@Lon, do you mean we should set selinux policy in .spec file?

Comment 4 Ihar Hrachyshka 2015-06-15 12:03:05 UTC
OK, I see that openstack-selinux-0.6.32-1.el7ost has neutron-related fixes and is tagged for rhos-7.0-rhel-7-candidate. Does it mean it will be included in ga and we can mark the bug as fixed?

Comment 5 Lon Hohberger 2015-06-16 14:05:04 UTC
Yes.

Comment 7 Eran Kuris 2015-07-01 07:43:59 UTC
Verified on:
[stack@instack ~]$ rpm -qa | grep openstack-selinux-
openstack-selinux-0.6.35-1.el7ost.noarch

RHEL-OSP director puddle 7.0 RC - 2015-06-29.1

Installation and deployment successful
Connection to 192.0.2.7 closed.
Overcloud Endpoint: http://192.0.2.7:5000/v2.0/
Overcloud Deployed

Comment 9 errata-xmlrpc 2015-08-05 13:26:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548