Bug 1645270
| Summary: | On RHEL 7.6 Undercloud installation fails on nova-api: sudo in nova-rootwrap blocked by SELinux [rhel-7.6.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Oneata Mircea Teodor <toneata> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | high | Docs Contact: | Mirek Jahoda <mjahoda> |
| Priority: | urgent | ||
| Version: | 7.6 | CC: | jschluet, lhh, lvrabec, mgrepl, mjahoda, mmalik, plautrba, psedlak, salmy, ssekidde, toneata, vmojzis, zcaplovi |
| Target Milestone: | rc | Keywords: | Triaged, ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Prior to this update, rules that allow processes labeled with the "nova_t" domain to use Pluggable Authentication Modules (PAM) were missing in the SELinux policy. Consequently, with SELinux in enforcing mode, the installation of the OpenStack Undercloud node failed on starting the "openstack-nova-api" service and SELinux denied also other PAM processes related to "nova_t". With this update, the missing allow rules have been added, and SELinux no longer denies "nova_t" to use PAM.
|
Story Points: | --- |
| Clone Of: | 1640528 | Environment: | |
| Last Closed: | 2018-11-27 01:21:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1640528 | ||
| Bug Blocks: | |||
|
Description
Oneata Mircea Teodor
2018-11-01 19:06:22 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3664 |