Bug 1230900 - selinux denies neutron-rootwrap to read sudodb
Summary: selinux denies neutron-rootwrap to read sudodb
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ga
: 7.0 (Kilo)
Assignee: Lon Hohberger
QA Contact: Eran Kuris
URL:
Whiteboard:
Depends On: 1230438
Blocks: 1228096
TreeView+ depends on / blocked
 
Reported: 2015-06-11 17:46 UTC by Jakub Libosvar
Modified: 2023-02-22 23:02 UTC (History)
16 users (show)

Fixed In Version: openstack-selinux-0.6.32-1.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of: 1230438
Environment:
Last Closed: 2015-08-05 13:26:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:1548 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2015-08-05 17:07:06 UTC

Comment 1 Lon Hohberger 2015-06-12 15:41:17 UTC 
There are a couple of issues.  First, there may require policy changes:

https://bugzilla.redhat.com/show_bug.cgi?id=1230438#c13

Second, neutron-rootwrap-daemon is the wrong file context, which can be fixed in the bugzilla spec file.
Comment 3 Ihar Hrachyshka 2015-06-15 11:24:34 UTC 
@Lon, do you mean we should set selinux policy in .spec file?
Comment 4 Ihar Hrachyshka 2015-06-15 12:03:05 UTC 
OK, I see that openstack-selinux-0.6.32-1.el7ost has neutron related fixes and is tagged for rhos-7.0-rhel-7-candidate. Does it mean it will be included in ga and we can mark the bug as fixed?
Comment 5 Lon Hohberger 2015-06-16 14:05:04 UTC 
Yes.
Comment 7 Eran Kuris 2015-07-01 07:43:59 UTC 
verified  on 
stack@instack ~]$ rpm -qa |grep openstack-selinux-
openstack-selinux-0.6.35-1.el7ost.noarch

RHEL-OSP director puddle 7.0 RC - 2015-06-29.1


 installation and deployment successful 
Connection to 192.0.2.7 closed.
Overcloud Endpoint: http://192.0.2.7:5000/v2.0/
Overcloud Deployed
Comment 9 errata-xmlrpc 2015-08-05 13:26:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548
Note You need to log in before you can comment on or make changes to this bug.