Bug 1447779
Summary: | Need to make significant changes to SElinux policy in order to accommodate glance with solidfire cinder backend | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Andreas Karis <akaris> | ||||
Component: | openstack-selinux | Assignee: | Lon Hohberger <lhh> | ||||
Status: | CLOSED ERRATA | QA Contact: | Mike Abrams <mabrams> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 10.0 (Newton) | CC: | eharney, jjoyce, lhh, mburns, mgrepl, oblaut, pgrist, rhallise, srevivo, tshefi, tvignaud | ||||
Target Milestone: | ga | Keywords: | Triaged, ZStream | ||||
Target Release: | 12.0 (Pike) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | openstack-selinux-0.8.8-0.20170804200925.ad96ed3.el7ost | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-12-13 21:25:26 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1293435, 1646932 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Andreas Karis
2017-05-03 19:28:56 UTC
Do you yes, I do ;-) Joke aside, something still doesn't seem to be right with the policies for glance with a cinder backend (although we did have problems with the installation of the latest opesntack-selinux policies, so this probably didn't help, neither). Whoops - what I meant was - do you have the full AVC logs? :) Created attachment 1281730 [details]
Just the AVCs.
It looks like there needs to be an ability to execute domain transitions to: - fsadm_exec_t - iscsid_exec_t - sudo_exec_t ^ Need to look more at this one. Adding a dependent BZ. Glance Cinder backends is an RFE for OSP12 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462 |