Bug 1652297
Summary: | SELinux denies container to container synchronization | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Alberto Gonzalez <alberto.gonzalez> | |
Component: | openstack-selinux | Assignee: | Zoli Caplovic <zcaplovi> | |
Status: | CLOSED ERRATA | QA Contact: | Jon Schlueter <jschluet> | |
Severity: | low | Docs Contact: | ||
Priority: | low | |||
Version: | 13.0 (Queens) | CC: | alberto.gonzalez, jpichon, lhh, mburns, mgrepl | |
Target Milestone: | z5 | Keywords: | Triaged, ZStream | |
Target Release: | 13.0 (Queens) | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | openstack-selinux-0.8.16-1.el7ost | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1658606 1658611 1658612 1658617 1658618 1658619 (view as bug list) | Environment: | ||
Last Closed: | 2019-03-14 13:34:19 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1658606, 1658611, 1658612, 1658617, 1658618, 1658619 |
Description
Alberto Gonzalez
2018-11-21 20:03:26 UTC
Hello Alberto, just for confirmation - the statement: "The missing rule is the following: allow swift_t swift_data_t:lnk_file create;" can be understood as "we need to add this rule and it will be working" or as "this seems to be the probable cause". Thank you for the clarification Zoli Caplovic Hello, we need to add this rule and it will be working Thanks Alberto for the clarification. Will work on adding the rule. Zoli The AVC in the description is for { read } but the rule suggested is for { create }. Was there a mistake when copying the AVC details or should both rules be added? Submitted https://github.com/redhat-openstack/openstack-selinux/pull/24 to be on the safe side and resolve the failing test. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0564 |