Actions
Bug #15640
closed
OpenStack Neutron service SELinux denial during provisioning
Difficulty:
Triaged:
Bugzilla link:
Description
Neutron port 9696 is missing in our policy. It looks like it is present in both RHEL6 and RHEL7 (tested with 6.6 and 7.2) so easy fix.
Steps to Reproduce:
1.Provision a 'New Host' on OpenStack, observe the /var/log/audit/audit.log, to see the SELinux denial issues.
Actual results:
In /var/log/audit/audit.log
type=AVC msg=audit(1467659098.220:1559): avc: denied { name_connect } for pid=11002 comm="diagnostic_con*" dest=9696 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:neutron_port_t:s0 tclass=tcp_socket
Updated by The Foreman Bot over 8 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-selinux/pull/59 added
Updated by Daniel Lobato Garcia over 8 years ago
- Target version changed from 117 to 1.6.2
Updated by Anonymous over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 264951f83dc8bbf845d71d7f4b16acdb6288961d.
Updated by Dominic Cleal over 8 years ago
- Translation missing: en.field_release set to 175
Updated by Dominic Cleal about 8 years ago
- Related to Bug #16263: corenet_tcp_connect_neutron_port not available on EL6.5 buildroot added
Updated by
Actions