Bug 801352

Summary: SELinux policy for OpenStack's new nova-cert service
Product: [Fedora] Fedora Reporter: Mark McLoughlin <markmc>
Component: selinux-policy-targetedAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: akscram, alexander.sakhnov, asalkeld, bfilippov, dwalsh, jonathansteffan, markmc, matt_domsch, mlvov, pbrady, p, rbryant, rkukura
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: selinux-policy-3.10.0-104.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-21 18:53:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Mark McLoughlin 2012-03-08 10:46:40 UTC 
The nova-cert service was added to openstack-nova in Fedora 17.

It is currently running unconfined:

  $ ps -eZ | grep nova-cert
  system_u:system_r:initrc_t:s0    5707 ?        00:00:02 nova-cert
Comment 1 Miroslav Grepl 2012-03-08 13:48:47 UTC 
What does this service do?
Comment 2 Pádraig Brady 2012-03-08 14:12:49 UTC 
> What does this service do?

http://pkgs.fedoraproject.org/gitweb/?p=openstack-nova.git;a=commit;h=e278ec1
Comment 3 Miroslav Grepl 2012-03-09 13:00:48 UTC 
We added fixes to the latest policy -98 release which is available from koji. 

Could you test it?

Also please execute 

$ semodule -d unconfined

and test it. After testing execute

$ semodule -e unconfined
Comment 4 Fedora Update System 2012-03-19 17:54:34 UTC 
selinux-policy-3.10.0-103.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-103.fc17
Comment 5 Fedora Update System 2012-03-20 06:07:37 UTC 
Package selinux-policy-3.10.0-104.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-104.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-4248/selinux-policy-3.10.0-104.fc17
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2012-03-21 18:53:23 UTC 
selinux-policy-3.10.0-104.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.