Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1441695 - collectd_tcp_network_connect boolean must be ON.
collectd_tcp_network_connect boolean must be ON.
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux (Show other bugs)
11.0 (Ocata)
Unspecified Unspecified
high Severity high
: rc
: 11.0 (Ocata)
Assigned To: Lon Hohberger
Leonid Natapov
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-12 09:36 EDT by Lars Kellogg-Stedman
Modified: 2017-05-17 16:20 EDT (History)
13 users (show)

See Also:
Fixed In Version: openstack-selinux-0.8.6-2.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-17 16:20:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 19:01:50 EDT

  None (edit)
Description Lars Kellogg-Stedman 2017-04-12 09:36:05 EDT 
Running the collectd "memcached" plugin results in an AVC denial:

type=AVC msg=audit(1491740935.098:499216): avc:  denied  { name_connect }
for  pid=503052 comm="reader#3" dest=11211
scontext=system_u:system_r:collectd_t:s0
tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket

This connection should be allowed.
Comment 2 Red Hat Bugzilla Rules Engine 2017-04-12 09:50:31 EDT 
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Comment 3 Matthias Runge 2017-04-18 04:22:25 EDT 
setsebool -P collectd_tcp_network_connect = on 
should fix the issue.
Comment 6 Leonid Natapov 2017-05-04 06:06:16 EDT 
openstack-selinux-0.8.6-2.el7ost.noarch

[root@overcloud-controller-0 heat-admin]# getsebool -a | grep  collectd
collectd_tcp_network_connect --> on
Comment 7 errata-xmlrpc 2017-05-17 16:20:40 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.