Description of problem: OpenStack keystone needs the following policy: #============= keystone_t ============== allow keystone_t self:process signal; or else will throw an Error on startup. Certain LDAP-related functionality does not work without that policy too. Version-Release number of selected component (if applicable): Name : openstack-selinux Version : 0.5.19 Release : 2.el7ost From repo : openstack-juno Name : openstack-keystone Version : 2014.2.2 Release : 1.el7 From repo : openstack-juno How reproducible: Start openstack-keystone Actual results: /var/log/keystone/keystone.log will contain: 2015-03-19 19:26:12.606 17546 CRITICAL keystone [-] OSError: [Errno 13] Permission denied 2015-03-19 19:26:12.606 17546 TRACE keystone Traceback (most recent call last): 2015-03-19 19:26:12.606 17546 TRACE keystone File "/usr/bin/keystone-all", line 164, in <module> 2015-03-19 19:26:12.606 17546 TRACE keystone serve(*servers) 2015-03-19 19:26:12.606 17546 TRACE keystone File "/usr/bin/keystone-all", line 104, in serve 2015-03-19 19:26:12.606 17546 TRACE keystone launcher.wait() 2015-03-19 19:26:12.606 17546 TRACE keystone File "/usr/lib/python2.7/site-packages/keystone/openstack/common/service.py", line 410, in wait 2015-03-19 19:26:12.606 17546 TRACE keystone self.stop() 2015-03-19 19:26:12.606 17546 TRACE keystone File "/usr/lib/python2.7/site-packages/keystone/openstack/common/service.py", line 417, in stop 2015-03-19 19:26:12.606 17546 TRACE keystone os.kill(pid, signal.SIGTERM) 2015-03-19 19:26:12.606 17546 TRACE keystone OSError: [Errno 13] Permission denied 2015-03-19 19:26:12.606 17546 TRACE keystone Expected results: No such error should appear. Additional info: # audit2allow -a #============= keystone_t ============== allow keystone_t self:process signal; #============= nova_api_t ============== allow nova_api_t gconf_home_t:dir search;
This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.