In osp13-director deployment i've noticed selinux avc denials on all overcloud nodes (used one controller, compute and ceph node, found this denial on each of them): > type=AVC msg=audit(1524079572.998:2482): avc: denied { read } for pid=20936 comm="sshd" name="lastlog" dev="vda2" ino=14075748 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file > type=AVC msg=audit(1524079572.998:2483): avc: denied { read write } for pid=20936 comm="sshd" name="lastlog" dev="vda2" ino=14075748 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file atm it's unclear to me what is triggering it neither if it breaks anything. openstack-selinux.noarch 0.8.14-1.el7ost @rhos-13.0-signed ceph-selinux.x86_64 2:12.2.1-46.el7cp @rhos-13.0-ceph-3-mon-signed container-selinux.noarch 2:2.55-1.el7 @rhos-13.0-rhel-7-extras-signed libselinux-python.x86_64 2.5-12.el7 @anaconda/7.5 libselinux-ruby.x86_64 2.5-12.el7 @rhos-13.0-rhel-7-signed libselinux-utils.x86_64 2.5-12.el7 @anaconda/7.5 libselinux.x86_64 2.5-12.el7 @anaconda/7.5 selinux-policy.noarch 3.13.1-192.el7 @anaconda/7.5 selinux-policy-targeted.noarch 3.13.1-192.el7 @anaconda/7.5 shadow-utils.x86_64 2:4.1.5.1-24.el7 @anaconda/7.5
*** This bug has been marked as a duplicate of bug 1543914 ***