With SELinux enabled I am unable to install the undercloud due to openstack-ironic-inspector-dnsmasq service failing to start.

Packages (SELinux): openstack-selinux-0.6.41-1.el7.noarch

Release: Red Hat Enterprise Linux Server release 7.1 (Maipo) 3.10.0-229.el7.x86_64

type=AVC msg=audit(1445455304.383:1354): avc: denied { read } for pid=33372 comm="dnsmasq" name="tftpboot" dev="dm-1" ino=7516527816 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
Where is the dir located that dnsmasq is reading from? default_t is given to a top level created dir. Ex) `mkdir /mydir` will have the label default_t. So if you are creating say a config file directory or a log file directory in '/', then the type is going to be set to default_t. You will need to run a `restorecon -r /mydir` and see if that fixes the label. I don't think the solution for this should include an allow rule for default_t.
I think it could be the conf-file:

nobody 23191 0.0 0.0 15496 416 ? S 12:34 0:00 /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf
To confirm the type, do `ls -lZd /etc/ironic-inspector`. I'm guessing it's default_t.
Hey Ryan,

drwxr-xr-x. root ironic-inspector system_u:object_r:etc_t:s0 /etc/ironic-inspector
This bug is against a Version which has reached End of Life. If it's still present in a supported release (http://releases.openstack.org), please update Version and reopen.