There is a denial connecting to mysqld: type=AVC msg=audit(1339706457.635:1431): avc: denied { name_connect } for pid=31822 comm="glance-registry" dest=3306 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket Note mysql is on localhost. Apparently this was addressed in selinux-policy-targeted-3.10.0-120.fc17.noarch, but that only seemed to consider the unix socket connection, as it added: mysql_stream_connect(glance_registry_t) It seems from the above that this is also needed? allow glance_registry_t mysqld_port_t:tcp_socket name_connect;
I can add the ability to connect to the mysql port, do you know of any other ports it needs to connect to.
I don't know of any others
Fixed in selinux-policy-3.10.0-132.fc17
selinux-policy-3.10.0-132.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-132.fc17
selinux-policy-3.10.0-132.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.