Description of problem: After OSP11 to OSP12 undercloud upgrade /var/log/audit/audit.log keeps logging keepalived related avc denials. Version-Release number of selected component (if applicable): libselinux-utils-2.5-11.el7.x86_64 openstack-selinux-0.8.8-0.20170622195307.74ddc0e.el7ost.noarch libselinux-2.5-11.el7.x86_64 selinux-policy-3.13.1-166.el7.noarch libselinux-python-2.5-11.el7.x86_64 container-selinux-2.19-2.1.el7.noarch libselinux-ruby-2.5-11.el7.x86_64 selinux-policy-targeted-3.13.1-166.el7.noarch How reproducible: 100% Steps to Reproduce: 1. Deploy OSP11 2. Upgrade undercloud to OSP12 Actual results: /var/log/audit/audit.log keeps logging keepalived related avc denials. Expected results: /var/log/audit/audit.log should be clean of denials. Additional info: Attaching audit.log
Created attachment 1296544 [details] audit log
Created attachment 1296546 [details] audit log
Checking the audit log it looks that this error is there from the beginning so it's most probably not related to upgrade at all but to OSP11 deployment on RHEL 7.4
I can confirm the denials are there from OSP11 undercloud deployment, it's not related to upgrade.
https://github.com/redhat-openstack/openstack-selinux/commit/bd843a705122ec58bee5bbd2c13509f21822747e
Access for the reported AVC is allowed on 0.8.9-0.1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2722