Bug 1315457
Summary: | Nova API can't be started in WSGI with Apache | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Emilien Macchi <emacchi> |
Component: | openstack-selinux | Assignee: | Ryan Hallisey <rhallise> |
Status: | CLOSED ERRATA | QA Contact: | Udi Shkalim <ushkalim> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 9.0 (Mitaka) | CC: | dnavale, emacchi, lhh, mgrepl, srevivo |
Target Milestone: | ga | ||
Target Release: | 9.0 (Mitaka) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openstack-selinux-0.6.57-1.el7ost | Doc Type: | Bug Fix |
Doc Text: |
Previously, the absence of SELinux policy that allowed the Compute API to be started in WSGI with Apache resulted in an AVC in the audit.log.
With this update, Compute is able to bond to the HTTP's port and runs without errors when started in WSGI with Apache.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-08-11 12:14:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Emilien Macchi
2016-03-07 19:29:20 UTC
One more AVC type=AVC msg=audit(1457450838.6:501): avc: denied { name_bind } for pid=23197 comm="httpd" src=8774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:osapi_compute_port_t:s0 tclass=tcp_socket Does the current director deployment recreate the scenario mention above - "Deploy Apache and configure it to run Nova API wsgi" ? Yes, only on the undercloud though. Verified on: openstack-selinux-0.7.3-3.el7ost.noarch BM setup undercloud don't have any AVC regarding httpd or nova. Using this undercloud i was able to successfully deploy overcloud 3 controllers 1 compute. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-1597.html |