I am reopening this bug. There are still httpd related AVCs with Keystone on F21.
Created attachment 1011795 [details] audit.log httpd related messages
Created attachment 1011796 [details] audit2allow -a -w output
Created attachment 1011797 [details] audit2allow -a -R output
We need this fixed ASAP as it is causing a lot of problems for people trying to deploy OpenStack on F21.
Hi, Do you have some reproducer?
https://www.rdoproject.org/Quickstart Use the Kilo repo for f21: https://repos.fedorapeople.org/repos/openstack/openstack-kilo/rdo-release-kilo-0.noarch.rpm
Failed again: https://bugzilla.redhat.com/show_bug.cgi?id=1207098#c20
commit f6fdaaaba8065f3f727f1360bd505cd78b154c21 Author: Miroslav Grepl <mgrepl> Date: Tue May 12 10:21:03 2015 +0200 Allow cinder-backup to dbus chat with systemd-logind. BZ(1207098) commit d7d35ca3d310bb042e7d51565edb1d1b9e162436 Author: Miroslav Grepl <mgrepl> Date: Tue May 12 10:14:26 2015 +0200 Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files.
selinux-policy-3.13.1-105.18.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.18.fc21
Package selinux-policy-3.13.1-105.18.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.18.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10708/selinux-policy-3.13.1-105.18.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.19.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.19.fc21
selinux-policy-3.13.1-105.19.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.