Bug 1362609
| Summary: | glance-registry AVC name_connect when using memcached | | |
|---|---|---|---|
| Product: | [Community] RDO | Reporter: | David Moreau Simard <dmsimard> |
| Component: | openstack-selinux | Assignee: | Ryan Hallisey <rhallise> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ofer Blaut <oblaut> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | trunk | CC: | rhallise, srevivo |
| Target Milestone: | --- | | |
| Target Release: | trunk | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | openstack-selinux-0.7.5-1.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-02-17 15:40:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

# Bugzilla 1362609 corenet_tcp_connect_memcache_port(glance_registry_t)

In audit.log:

```
type=AVC msg=audit(1469800130.190:99833): avc: denied { name_connect } for pid=17120 comm="glance-registry" dest=11211 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket
```

This can be reproduced with the parameter:

```
[keystone_authtoken]
memcached_servers = 127.0.0.1:11211
```

in glance-registry.conf

Reproduced the issue on Mitaka with:

```
# rpm -qa |egrep "openstack-selinux|glance|memcached"
openstack-glance-12.0.0-1.el7.noarch
python-glance-12.0.0-1.el7.noarch
python-glanceclient-2.0.0-1.el7.noarch
memcached-1.4.25-1.el7.x86_64
python-memcached-1.54-3.el7.noarch
python-glance-store-0.13.1-1.el7.noarch
openstack-selinux-0.7.2-1.el7.noarch
```
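
An added example, not part of the bug report or of openstack-selinux: a small Python parser that reads AVC records like the one quoted above and derives the type-enforcement rule each denial corresponds to. For this report the result is the `name_connect` permission on `memcache_port_t` that the `corenet_tcp_connect_memcache_port(glance_registry_t)` line on this page grants. The function names `parse_avc` and `denied_rules` are made up for the example.

```python
import re

# AVC record quoted in this bug report, embedded so the example runs offline.
SAMPLE = (
    'type=AVC msg=audit(1469800130.190:99833): avc: denied { name_connect } '
    'for pid=17120 comm="glance-registry" dest=11211 '
    'scontext=system_u:system_r:glance_registry_t:s0 '
    'tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one audit.log line; return a dict, or None if it is not an AVC record."""
    if not line.startswith('type=AVC'):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    result, perms, rest = m.groups()
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    rec['result'] = result
    rec['perms'] = perms.split()
    # A context is user:role:type[:level]; the policy rule is keyed on the type.
    for key, out in (('scontext', 'stype'), ('tcontext', 'ttype')):
        parts = rec.get(key, '').split(':')
        rec[out] = parts[2] if len(parts) >= 3 else None
    return rec


def denied_rules(lines):
    """Collapse repeated denials into one allow rule per (source, target, class)."""
    merged = {}
    for line in lines:
        rec = parse_avc(line.strip())
        if not rec or rec['result'] != 'denied':
            continue
        key = (rec['stype'], rec['ttype'], rec.get('tclass'))
        if None in key:
            continue  # incomplete record, nothing safe to derive
        merged.setdefault(key, set()).update(rec['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = ' '.join(sorted(perms))
        rules.append(f'allow {src} {tgt}:{cls} ' + (p if len(perms) == 1 else '{ ' + p + ' }') + ';')
    return rules


if __name__ == '__main__':
    print('\n'.join(denied_rules([SAMPLE])))
```

Repeated denials of the same access collapse into one rule, so the output stays short enough to compare against the installed policy before deciding whether a policy update or a configuration change is the right fix.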