Deploying OpenStack Mitaka List if packages: http://logs.openstack.org/73/308573/1/check/gate-puppet-openstack-integration-3-scenario002-tempest-centos-7/6db963b/logs/rpm-qa.txt.gz openstack-selinux-0.7.2-1.el7.noarch 2016-04-20 21:23:59.663 | SELinux is preventing /usr/bin/python2.7 from name_connect access on the tcp_socket port 49185. 2016-04-20 21:23:59.663 | 2016-04-20 21:23:59.663 | ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** 2016-04-20 21:23:59.663 | 2016-04-20 21:23:59.663 | If you want to allow swift to can network 2016-04-20 21:23:59.663 | Then you must tell SELinux about this by enabling the 'swift_can_network' boolean. 2016-04-20 21:23:59.664 | 2016-04-20 21:23:59.664 | Do 2016-04-20 21:23:59.664 | setsebool -P swift_can_network 1 2016-04-20 21:23:59.664 | 2016-04-20 21:23:59.664 | ***** Plugin catchall (11.6 confidence) suggests ************************** 2016-04-20 21:23:59.664 | 2016-04-20 21:23:59.665 | If you believe that python2.7 should be allowed name_connect access on the port 49185 tcp_socket by default. 2016-04-20 21:23:59.665 | Then you should report this as a bug. 2016-04-20 21:23:59.665 | You can generate a local policy module to allow this access. 2016-04-20 21:23:59.665 | Do 2016-04-20 21:23:59.665 | allow this access for now by executing: 2016-04-20 21:23:59.665 | # grep swift-object-se /var/log/audit/audit.log | audit2allow -M mypol 2016-04-20 21:23:59.666 | # semodule -i mypol.pp 2016-04-20 21:23:59.666 | 2016-04-20 21:23:59.666 | 2016-04-20 21:23:59.666 | Additional Information: 2016-04-20 21:23:59.666 | Source Context system_u:system_r:swift_t:s0 2016-04-20 21:23:59.666 | Target Context system_u:object_r:virt_migration_port_t:s0 2016-04-20 21:23:59.666 | Target Objects port 49185 [ tcp_socket ] 2016-04-20 21:23:59.667 | Source swift-object-se 2016-04-20 21:23:59.667 | Source Path /usr/bin/python2.7 2016-04-20 21:23:59.667 | Port 49185 2016-04-20 21:23:59.667 | Host <Unknown> 2016-04-20 21:23:59.667 | Source RPM Packages python-2.7.5-34.el7.x86_64 2016-04-20 21:23:59.667 | Target RPM Packages 2016-04-20 21:23:59.668 | Policy RPM selinux-policy-3.13.1-60.el7_2.3.noarch 2016-04-20 21:23:59.668 | Selinux Enabled True 2016-04-20 21:23:59.668 | Policy Type targeted 2016-04-20 21:23:59.668 | Enforcing Mode Permissive 2016-04-20 21:23:59.668 | Host Name centos-7-rax-iad-411266 2016-04-20 21:23:59.668 | Platform Linux centos-7-rax-iad-411266 2016-04-20 21:23:59.668 | 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 2016-04-20 21:23:59.669 | 16:04:38 UTC 2016 x86_64 x86_64 2016-04-20 21:23:59.669 | Alert Count 1 2016-04-20 21:23:59.669 | First Seen 2016-04-20 21:06:15 UTC 2016-04-20 21:23:59.669 | Last Seen 2016-04-20 21:06:15 UTC 2016-04-20 21:23:59.669 | Local ID fc41d1f2-0dee-4d75-98c5-6dcfdcd508d0 2016-04-20 21:23:59.669 | 2016-04-20 21:23:59.669 | Raw Audit Messages 2016-04-20 21:23:59.670 | type=AVC msg=audit(1461186375.8:534): avc: denied { name_connect } for pid=13003 comm="swift-object-se" dest=49185 scontext=system_u:system_r:swift_t:s0 tcontext=system_u:object_r:virt_migration_port_t:s0 tclass=tcp_socket 2016-04-20 21:23:59.670 | 2016-04-20 21:23:59.670 | 2016-04-20 21:23:59.670 | type=SYSCALL msg=audit(1461186375.8:534): arch=x86_64 syscall=connect success=yes exit=0 a0=f a1=7ffe244101e0 a2=10 a3=1 items=0 ppid=12934 pid=13003 auid=4294967295 uid=160 gid=160 euid=160 suid=160 fsuid=160 egid=160 sgid=160 fsgid=160 tty=(none) ses=4294967295 comm=swift-object-se exe=/usr/bin/python2.7 subj=system_u:system_r:swift_t:s0 key=(null) 2016-04-20 21:23:59.670 | 2016-04-20 21:23:59.670 | Hash: swift-object-se,swift_t,virt_migration_port_t,tcp_socket,name_connect
https://rhos-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/RHOS/view/RHOS8/job/qe-phase2-8_director-rhel-7.2-virthost-3cont_2comp_3ceph-ipv4-gre-ceph/16/ this automation is running with a more advanced rpm openstack-selinux-0.7.11-1.el7ost.noarch see comment #5
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2708.html