Bug 1180230 - Http needs the ability to talk to keystone
Summary: Http needs the ability to talk to keystone
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: 6.0 (Juno)
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Ryan Hallisey
QA Contact: yeylon@redhat.com
Depends On: 1111274 1122764 1122767
Blocks: 1123117 1126594 1154615 1170218 1170223 1170224 1170225 1170370 1170372
TreeView+ depends on / blocked
Reported: 2015-01-08 16:34 UTC by Ryan Hallisey
Modified: 2016-04-26 16:48 UTC (History)
15 users (show)

Fixed In Version: openstack-selinux-0.6.9-1.el7ost
Doc Type: Bug Fix
Doc Text:
Cause: Http types fail to talk to Keystone when SELinux is enabled. Consequence: Keystone fails to run. Fix: Add optional policy to fix this issue when running RHEL 7.1. Result: Http is able to interact with Keystone.
Clone Of: 1138424
Last Closed: 2015-08-17 19:56:55 UTC
Target Upstream Version:

Attachments (Terms of Use)

Comment 1 Alan Pevec 2015-06-02 22:54:51 UTC
Was this upstreamed to the Fedora selinux-policy?

For RDO Juno on Fedora I had to revert default to systemd service, otherwise default packstack fails with selinux enabled:  https://review.openstack.org/187208

Comment 3 Ryan Hallisey 2015-06-15 11:51:24 UTC
Ya both those rules are in upstream selinux-policy.

Comment 4 Lon Hohberger 2015-08-17 19:56:55 UTC
This has been resolved in RHEL OSP 6 for some time.

Note You need to log in before you can comment on or make changes to this bug.