The SELinux definition allows celery to create any number of pid files with the line:

allow celery_t var_run_t:file { write getattr read create unlink open };

This permission should be removed, and a new type introduced so that these permissions can target that specific filesystem label.
Attempt to fix this in 2.5.1, but if the changes are not appropriate for a z release, punt the changes to the next y or x release. At least add the documentation/explanation in 2.5.1.
This bug is more comprehensively described in another bug [0]. That other bug also contains some more info on how to fix it.

[0]: https://bugzilla.redhat.com/show_bug.cgi?id=1158169

*** This bug has been marked as a duplicate of bug 1158169 ***
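
The change requested in the description, sketched as a policy fragment. This is an added example, not taken from the bug report or from the project's policy: the module name, the type name celery_var_run_t and the file-context path are assumptions, while celery_t, var_run_t and the permission set come from the rule quoted above.

```selinux
# Added example; module name is hypothetical.
policy_module(celery_pidfile_example, 1.0.0)

require {
    type celery_t;    # domain named in the bug report
}

# Hypothetical dedicated type for celery's pid files.
# files_pid_file() marks it as a pid-file type so generic
# tooling that handles pid files still treats it correctly.
type celery_var_run_t;
files_pid_file(celery_var_run_t)

# Before (rule quoted in the report): permissions on the generic label,
# which covers every var_run_t file on the system.
# allow celery_t var_run_t:file { write getattr read create unlink open };

# After: the same permission set, limited to the dedicated type.
allow celery_t celery_var_run_t:file { write getattr read create unlink open };

# Files that celery_t creates inside var_run_t directories are
# labelled celery_var_run_t automatically instead of var_run_t.
files_pid_filetrans(celery_t, celery_var_run_t, file)

# Matching entry for the .fc file (placeholder path, adjust to the
# directory the pid files actually live in):
# /var/run/<celery-pid-dir>(/.*)?    gen_context(system_u:object_r:celery_var_run_t,s0)
```

Pid files that already exist keep their old label until they are relabelled (for example with restorecon) or recreated by the service.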