Created attachment 788802: audit.log of an affected system

Description of problem:
Having configured Havana-2 with Neutron (using ovs/netns/gre), dnsmasq won't be able to hand out IP addresses because it can't read host and opts files.

Version-Release number of selected component (if applicable):
openstack-neutron-2013.2-0.3.b2.el6.noarch
openstack-neutron-openvswitch-2013.2-0.3.b2.el6.noarch
dnsmasq-2.48-13.el6.x86_64
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch

How reproducible:
Always.

Steps to Reproduce:
1. Install and configure Neutron
2. Configure a network and subnet
3. Launch a guest

Actual results:
No IP over DHCP, dnsmasq having access problems, i.e. permission denied on host and opts files.

Expected results:
IP over DHCP.

Additional info:

Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host: Permission denied
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts: Permission denied
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: read /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts

unconfined_u:system_r:dnsmasq_t:s0 nobody 5865 0.0 0.0 12880 772 ? S 11:25 0:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape560c086-b2 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host --dhcp-optsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,192.168.0.0,static,120s --conf-file= --domain=openstacklocal
unconfined_u:system_r:dnsmasq_t:s0 root 5866 0.0 0.0 12880 208 ? S 11:25 0:00 \_ dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape560c086-b2 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/host --dhcp-optsfile=/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,192.168.0.0,static,120s --conf-file= --domain=openstacklocal

# ls -Z /var/lib/neutron/
drwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 dhcp
drwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0 external
drwx------. neutron neutron unconfined_u:object_r:var_lib_t:s0 keystone-signing
drwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0 lock
srwxr-xr-x. neutron neutron system_u:object_r:var_lib_t:s0 metadata_proxy

# ls -Z /var/lib/neutron/dhcp/
drwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 09ae9120-d280-477b-851d-7687c2394373
srwxr-xr-x. neutron neutron unconfined_u:object_r:var_lib_t:s0 lease_relay

# ls -Z /var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373/
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 host
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 interface
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 opts
-rw-r--r--. root root unconfined_u:object_r:dnsmasq_lease_t:s0 pid

See also the attached audit.log.gz (grep for dnsmasq for this issue - there also seems to be an issue around neutron-ns-meta and ifconfig for which I haven't found any consequences yet).

*** This bug has been marked as a duplicate of bug 996776 ***
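
Added triage example (not part of the original report and not Neutron or dnsmasq code): it correlates the dnsmasq "Permission denied" syslog lines with the `ls -Z` listing from the report to show that the file mode bits already allow the `nobody` user to read the files, so the denial points at the SELinux domain/type pair to look for in audit.log. The function names and the simplified owner/other mode check are assumptions of this example; the input lines are copied from the report.

```python
import re

# Input copied from the report above (syslog, `ls -Z`, and ps context/user).
DIR = "/var/lib/neutron/dhcp/09ae9120-d280-477b-851d-7687c2394373"
SYSLOG = f"""\
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read {DIR}/host: Permission denied
Aug 21 11:10:49 ctrl-stg dnsmasq[4945]: cannot read {DIR}/opts: Permission denied
"""
LS_Z = """\
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 host
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 interface
-rw-r--r--. neutron neutron unconfined_u:object_r:var_lib_t:s0 opts
-rw-r--r--. root root unconfined_u:object_r:dnsmasq_lease_t:s0 pid
"""
PROC_CONTEXT = "unconfined_u:system_r:dnsmasq_t:s0"
PROC_USER = "nobody"
DENIED = re.compile(r"dnsmasq\[\d+\]: cannot read (\S+): Permission denied")

def parse_ls_z(text, directory):
    """Map full path -> (mode, owner, selinux_type) from `ls -Z` lines."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5:
            mode, owner, _group, ctx, name = parts
            out[f"{directory}/{name}"] = (mode.rstrip("."), owner, ctx.split(":")[2])
    return out

def dac_allows_read(mode, owner, user):
    """Coarse DAC check: owner read bit, else 'other' read bit (groups ignored)."""
    return mode[1] == "r" if user == owner else mode[7] == "r"

def triage(syslog, ls_z, directory, proc_context, user):
    """Return (path, 'domain -> file_type', suspected_layer) per denied read."""
    domain = proc_context.split(":")[2]
    labels = parse_ls_z(ls_z, directory)
    findings = []
    for path in DENIED.findall(syslog):
        if path not in labels:
            findings.append((path, None, "unknown"))
            continue
        mode, owner, ftype = labels[path]
        layer = "selinux" if dac_allows_read(mode, owner, user) else "dac"
        findings.append((path, f"{domain} -> {ftype}", layer))
    return findings

if __name__ == "__main__":
    for finding in triage(SYSLOG, LS_Z, DIR, PROC_CONTEXT, PROC_USER):
        print(finding)
```

A "selinux" result is a hypothesis to confirm against the AVC records in audit.log; the check does not examine search permission on the parent directories.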