1180230 – Http needs the ability to talk to keystone

Bug 1180230 - Http needs the ability to talk to keystone

Summary: Http needs the ability to talk to keystone

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-selinux
Sub Component:
Version:	6.0 (Juno)
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Ryan Hallisey
QA Contact:	yeylon@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:	1111274 1122764 1122767
Blocks:	1123117 1126594 1154615 1170218 1170223 1170224 1170225 1170370 1170372
TreeView+	depends on / blocked

Reported:	2015-01-08 16:34 UTC by Ryan Hallisey
Modified:	2016-04-26 16:48 UTC (History)
CC List:	15 users (show)
Fixed In Version:	openstack-selinux-0.6.9-1.el7ost
Doc Type:	Bug Fix
Doc Text:	Cause: Http types fail to talk to Keystone when SELinux is enabled. Consequence: Keystone fails to run. Fix: Add optional policy to fix this issue when running RHEL 7.1. Result: Http is able to interact with Keystone.
Clone Of:	1138424
Environment:
Last Closed:	2015-08-17 19:56:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Alan Pevec 2015-06-02 22:54:51 UTC

Was this upstreamed to the Fedora selinux-policy?

For RDO Juno on Fedora I had to revert default to systemd service, otherwise default packstack fails with selinux enabled:  https://review.openstack.org/187208

Comment 3 Ryan Hallisey 2015-06-15 11:51:24 UTC

Ya both those rules are in upstream selinux-policy.

Comment 4 Lon Hohberger 2015-08-17 19:56:55 UTC

This has been resolved in RHEL OSP 6 for some time.

Note You need to log in before you can comment on or make changes to this bug.