Bug 1441695 - collectd_tcp_network_connect boolean must be ON.
Summary: collectd_tcp_network_connect boolean must be ON.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: 11.0 (Ocata)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 11.0 (Ocata)
Assignee: Lon Hohberger
QA Contact: Leonid Natapov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-12 13:36 UTC by Lars Kellogg-Stedman
Modified: 2017-05-17 20:20 UTC (History)
13 users (show)

Fixed In Version: openstack-selinux-0.8.6-2.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-17 20:20:40 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 23:01:50 UTC

Description Lars Kellogg-Stedman 2017-04-12 13:36:05 UTC
Running the collectd "memcached" plugin results in an AVC denial:

type=AVC msg=audit(1491740935.098:499216): avc:  denied  { name_connect }
for  pid=503052 comm="reader#3" dest=11211
scontext=system_u:system_r:collectd_t:s0
tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket

This connection should be allowed.

Comment 2 Red Hat Bugzilla Rules Engine 2017-04-12 13:50:31 UTC
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.

Comment 3 Matthias Runge 2017-04-18 08:22:25 UTC
setsebool -P collectd_tcp_network_connect = on 
should fix the issue.

Comment 6 Leonid Natapov 2017-05-04 10:06:16 UTC
openstack-selinux-0.8.6-2.el7ost.noarch

[root@overcloud-controller-0 heat-admin]# getsebool -a | grep  collectd
collectd_tcp_network_connect --> on

Comment 7 errata-xmlrpc 2017-05-17 20:20:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245


Note You need to log in before you can comment on or make changes to this bug.