Project

General

Profile

Actions

Bug #15640

closed

OpenStack Neutron service SELinux denial during provisioning

Added by Lukas Zapletal over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Compute resources
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Neutron port 9696 is missing in our policy. It looks like it is present in both RHEL6 and RHEL7 (tested with 6.6 and 7.2) so easy fix.

Steps to Reproduce:
1.Provision a 'New Host' on OpenStack, observe the /var/log/audit/audit.log, to see the SELinux denial issues.

Actual results:
In /var/log/audit/audit.log

type=AVC msg=audit(1467659098.220:1559): avc: denied { name_connect } for pid=11002 comm="diagnostic_con*" dest=9696 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:neutron_port_t:s0 tclass=tcp_socket


Related issues 1 (0 open1 closed)

Related to SELinux - Bug #16263: corenet_tcp_connect_neutron_port not available on EL6.5 buildrootClosedLukas Zapletal08/24/2016Actions
Actions #1

Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/59 added
Actions #2

Updated by Daniel Lobato Garcia over 7 years ago

  • Target version set to 117
Actions #3

Updated by Daniel Lobato Garcia over 7 years ago

  • Target version changed from 117 to 1.6.2
Actions #4

Updated by Anonymous over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #5

Updated by Dominic Cleal over 7 years ago

  • translation missing: en.field_release set to 175
Actions #6

Updated by Dominic Cleal over 7 years ago

  • Related to Bug #16263: corenet_tcp_connect_neutron_port not available on EL6.5 buildroot added
Actions #7

Updated by Greg Sutcliffe over 5 years ago

  • Target version deleted (1.12.2)
Actions

Also available in: Atom PDF