Bug 1290117

Summary: Guest instance should work with SELinux in enforcing mode
Product: Red Hat OpenStack Reporter: Luigi Toscano <ltoscano>
Component: openstack-troveAssignee: Victoria Martinez de la Cruz <vimartin>
Status: CLOSED WONTFIX QA Contact: Luigi Toscano <ltoscano>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: apevec, lhh, pmackinn, rhallise, srevivo
Target Milestone: ---   
Target Release: 9.0 (Mitaka)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-29 18:30:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Luigi Toscano 2015-12-09 16:53:00 UTC 
Description of problem:
Currently, SELinux is set to permissive in guest instances. It should be possible to set it to Enforcing (with some rules).
Comment 1 Luigi Toscano 2015-12-10 11:59:17 UTC 
Context: api-config.ini is used for the first time in Sahara post-Liberty, see
https://review.openstack.org/#/c/231989/
https://bugs.launchpad.net/sahara/+bug/1503983
Comment 2 Ryan Hallisey 2016-06-29 18:27:56 UTC 
Can you report any AVCs you get from running in permissive mode? We can see about those landing in openstack-selinux.