2007314 – [OSP-17][CentOS-9]Spawning instance with vTPM driver results in error with selinux denials

Bug 2007314 - [OSP-17][CentOS-9]Spawning instance with vTPM driver results in error with selinux denials

Summary: [OSP-17][CentOS-9]Spawning instance with vTPM driver results in error with se...

Keywords:
Status:	CLOSED DUPLICATE of bug 1782128
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	17.0 (Wallaby)
Hardware:	Unspecified
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	ga
Target Release:	17.1
Assignee:	Cédric Jeanneret
QA Contact:	David Rosenfeld
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1782128
TreeView+	depends on / blocked

Reported:	2021-09-23 14:30 UTC by Pavan
Modified:	2023-08-29 03:02 UTC (History)
CC List:	20 users (show)
Fixed In Version:	puppet-tripleo-14.2.3-1.20220802084432.47e76e9.el9ost openstack-tripleo-heat-templates-14.3.1-1.20220823151141.f7e97cb.el9ost
Doc Type:	Bug Fix
Doc Text:	Before this update, instances with an emulated Trusted Platform Module (TPM) device could not be created due to an issue with the SElinux configuration in the `nova_libvirt` container. With this update, the deployment tooling configures SElinux correctly, which resolves the issue.
Clone Of:
Environment:
Last Closed:	2023-08-15 15:28:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	redhat-openstack openstack-selinux pull 80	None	open	Allow spawning instances with vTPM driver	2021-09-24 08:56:32 UTC
Launchpad	1902468	None	None	None	2021-09-27 09:54:53 UTC
OpenStack gerrit	813431	None	MERGED	Enable new SELinux boolean for vTPM support	2022-08-22 17:50:28 UTC
OpenStack gerrit	813432	None	MERGED	Enable new SELinux boolean for vTPM support	2022-08-22 17:50:30 UTC
Red Hat Issue Tracker	OSP-9859	None	None	None	2021-11-15 12:43:32 UTC
Red Hat Issue Tracker	RHOSPDOC-835	None	None	None	2023-04-27 16:56:36 UTC

Comment 17 Cédric Jeanneret 2021-11-30 13:18:43 UTC

Patches merged upstream, waiting for some import to happen.

Comment 18 Cédric Jeanneret 2021-11-30 13:42:04 UTC

Actually, MODIFIED: we have a complete FIV.

Comment 25 Artom Lifshitz 2022-08-22 17:53:47 UTC

This will need a bug fix doctext since https://bugzilla.redhat.com/show_bug.cgi?id=2120383 has been filed to track the known issue.

Note You need to log in before you can comment on or make changes to this bug.