Lukas, Everything working as expected. No additional selinux errors. Thanks for the help. Maxim.
The environment with the policy was tested with the following steps: Overcloud has been deployed with two OVS DPDK and one OVS regular (public) network. Each network resides on a separate vlan. Private1 network (routable) was created for the first dpdk interface. Private2 network (routable) was created for the second dpdk interface. Public network was created as an external network for the regular ovs interface. Test1 instance has been booted up with Private1 network attached. Test2 instance has been booted up with Private2 network attached. SSH access tested to the test1 instance. SSH access tested between test1 and test2 instances. Connectivity to outside (8.8.8.8) has been tested from both of the instances. Floating ip has been added to the test1 instance and ssh connectivity tested to the instance. audit.log has been verified for no avc denied errors.
(In reply to Maxim Babushkin from comment #16) > The environment with the policy was tested with the following steps: > > Overcloud has been deployed with two OVS DPDK and one OVS regular (public) > network. > Each network resides on a separate vlan. > Private1 network (routable) was created for the first dpdk interface. > Private2 network (routable) was created for the second dpdk interface. > Public network was created as an external network for the regular ovs > interface. > > Test1 instance has been booted up with Private1 network attached. > Test2 instance has been booted up with Private2 network attached. > > SSH access tested to the test1 instance. > SSH access tested between test1 and test2 instances. > Connectivity to outside (8.8.8.8) has been tested from both of the instances. > > Floating ip has been added to the test1 instance and ssh connectivity tested > to the instance. > > audit.log has been verified for no avc denied errors. Has this been incorporated and tested within the latest puddle? I've noticed that you moved this directly from ASSIGNED -> VERIFIED without the intervening steps, which are used to add patches to puddles and advisories.
I have verified the solution once again today with the latest puddle. Of course if needed, the status should be changed.
To stay in post please update external trackers for patches/launch pad bug etc that should be tracked for this to transition to modify d with Fixed in version specified. If all needed changes are in brew built packages. Pleas update fixed in version and move to modified.
Here is pull request: https://github.com/lukehinds/openstack-selinux/pull/1
(In reply to Lukas Vrabec from comment #23) > Here is pull request: > > https://github.com/lukehinds/openstack-selinux/pull/1 As commented there, please move it to redhat-openstack/openstack-selinux
The bug has been verified with the latest puddle with openstack-selinux-0.7.13-1.el7ost package installed.
*** Bug 1380114 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2948.html