I just encountered the same exact error in an environment with openstack-nova-14.0.8-2.el7ost.noarch. I took the sosreports from all the nodes here [1]. Problem happened doing the same exact test Marian wrote on the bug description. [1] http://file.rdu.redhat.com/~rscarazz/BZ1386420/
Can you please check for an AVC denial in the audit logs? If you find one, can you also please confirm the version of your SELinux policy?
I posted the sosreports exactly to share these info. In any case if I look inside the audit.log of the compute node I see AVC denials related to these components: 11 "chronyd" 4 "chrony-helper" 4 "dhclient" 2 "NetworkManager" 1 "virtlogd" So the one which can may interest us is: type=AVC msg=audit(1505232916.329:112): avc: denied { unlink } for pid=3705 comm="virtlogd" name="console.log" dev="sda2" ino=96469187 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:svirt_image_t:s0:c292,c869 tclass=file About the selinux policy these are the packages installed on the system: selinux-policy-3.13.1-166.el7_4.4.noarch Thu Sep 7 17:48:18 2017 selinux-policy-targeted-3.13.1-166.el7_4.4.noarch Thu Sep 7 17:51:03 2017
Any progress updates?
I think this might be an occurrence of [1], actually. Can we check the installed openstack-selinux version, and if it's earlier than openstack-selinux-0.8.11-1.el7ost, update to at least that? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1499800
At the time I posted the sosreports (see #comment1) the version of the package in the installation was openstack-selinux-0.8.9-0.1.el7ost.noarch. There's no way at the moment to check an updated version because that installation is gone. The only way we can test this is by trying to reproduce the problem again.
> The only way we can test this is by trying to reproduce the problem again. Is that something you're planning on doing? Just so I know what to do with this bz. Cheers!
Hi Raoul, I'm going to close this bug for now. Feel free to reopen at any time if we get an answer to the question in comments 7 and 9. Cheers!