1189929 – Glance AVC messages

RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/

Bug 1189929 - Glance AVC messages

Summary: Glance AVC messages

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	RDO
Classification:	Community
Component:	openstack-selinux
Sub Component:
Version:	Juno
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	Juno
Assignee:	Lon Hohberger
QA Contact:	Ofer Blaut
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-02-05 20:58 UTC by Lars Kellogg-Stedman
Modified:	2016-05-19 15:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-19 15:41:11 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Lars Kellogg-Stedman 2015-02-05 20:58:01 UTC

Installing RDO Juno onto Fedora 21, with:

- openstack-glance-2014.2.1-2.fc22.noarch
- selinux-policy-3.13.1-105.fc21.noarch

Results in the following failures:

#============= glance_api_t ==============

#!!!! This avc can be allowed using the boolean 'glance_api_can_network'
allow glance_api_t keystone_port_t:tcp_socket name_connect;

#============= glance_registry_t ==============
allow glance_registry_t keystone_port_t:tcp_socket name_connect;

Corresponding to the following audit log entries:

type=AVC msg=audit(1423167734.333:15446): avc:  denied  { name_connect } for  pid=29984 comm="glance-api" dest=35357 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:keystone_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1423167734.519:15447): avc:  denied  { name_connect } for  pid=29981 comm="glance-registry" dest=35357 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:keystone_port_t:s0 tclass=tcp_socket permissive=1

Comment 1 Flavio Percoco 2015-02-06 10:04:57 UTC

Was openstack-selinux installed?

Comment 2 Lars Kellogg-Stedman 2015-02-06 13:59:43 UTC

Flavio:

# yum repolist
Loaded plugins: priorities
repo id                        repo name                                  status
fedora/21/x86_64               Fedora 21 - x86_64                         42,816
openstack-juno/21              OpenStack Juno Repository                     959
updates/21/x86_64              Fedora 21 - x86_64 - Updates                7,426
repolist: 51,201

# yum install openstack-selinux
Loaded plugins: priorities
No package openstack-selinux available.
Error: Nothing to do

There is no openstack-selinux package available in the RDO repository.

Comment 3 Chandan Kumar 2016-05-19 15:41:11 UTC

This bug is against a Version which has reached End of Life.
If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.

Note You need to log in before you can comment on or make changes to this bug.