Bug 1949382
Summary: | openstack-selinux is missing a set of required policy overrides | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Andrea Veri <averi> |
Component: | openstack-selinux | Assignee: | Julie Pichon <jpichon> |
Status: | CLOSED DUPLICATE | QA Contact: | nlevinki <nlevinki> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16.1 (Train) | CC: | lhh, lvrabec |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-14 09:39:35 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Andrea Veri
2021-04-14 07:28:45 UTC
Hi, thank you for the report. Most of these rules should be covered by https://github.com/redhat-openstack/openstack-selinux/commit/d1e3cb9409f8579a53bee6004e83d0be7ec9780a, though that would not be out yet for 16.1. Looking closer, this looks eerily similar to bug 1941412, where the SELinux issue was only a symptom and not the root cause. It was due to the new containers not being restarted because the image tag hadn't changed, so I think it would be worthwhile to try one of the workarounds described in https://access.redhat.com/solutions/5896881 first and see if that helps. If that doesn't work, could you please reproduce the problem in permissive mode and attach the permissive audit logs, as well as confirm the openstack-selinux version on the system? If I provided you with a test package that includes the commit above, would you be able to test it on the system? Thank you. Julie, I can confirm https://access.redhat.com/solutions/5896881 was the actual problem we were experiencing, thanks, I believe this can be closed or be made a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1941412, thanks! Glad the workaround worked, thank you for following up! *** This bug has been marked as a duplicate of bug 1941412 *** |