Bug 1349394 - Certmonger needs to be able to restart OpenStack services.
Summary: Certmonger needs to be able to restart OpenStack services.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.3
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: pre-dev-freeze
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-23 12:05 UTC by Ryan Hallisey
Modified: 2017-08-01 15:12 UTC (History)
11 users (show)

Fixed In Version: selinux-policy-3.13.1-137
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 15:12:40 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1861 0 normal SHIPPED_LIVE selinux-policy bug fix update 2017-08-01 17:50:24 UTC

Description Ryan Hallisey 2016-06-23 12:05:09 UTC
Certmonger needs to be able to restart OpenStack services.

example policy from haproxy:
allow certmonger_t haproxy_unit_file_t:service { status start };

Comment 2 Ryan Hallisey 2016-06-28 13:53:01 UTC
This seems like a base policy bug, What do you think Mirek?

Comment 3 Miroslav Grepl 2016-12-05 16:20:00 UTC
(In reply to Ryan Hallisey from comment #2)
> This seems like a base policy bug, What do you think Mirek?

Yes, it is. Certmonger starts haproxy service.

Comment 4 Mike Burns 2016-12-21 15:45:59 UTC
Per comment 3, moving to selinux-policy

Comment 8 Ryan Hallisey 2017-04-24 19:45:50 UTC
Looks fine

Comment 10 errata-xmlrpc 2017-08-01 15:12:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1861


Note You need to log in before you can comment on or make changes to this bug.