Project

General

Profile

Actions
Copy link

Bug #15640

closed

OpenStack Neutron service SELinux denial during provisioning

Added by Lukas Zapletal over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Compute resources
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
1352707
Pull request:
https://github.com/theforeman/foreman-selinux/pull/59
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Neutron port 9696 is missing in our policy. It looks like it is present in both RHEL6 and RHEL7 (tested with 6.6 and 7.2) so easy fix.

Steps to Reproduce:
1.Provision a 'New Host' on OpenStack, observe the /var/log/audit/audit.log, to see the SELinux denial issues.

Actual results:
In /var/log/audit/audit.log

type=AVC msg=audit(1467659098.220:1559): avc: denied { name_connect } for pid=11002 comm="diagnostic_con*" dest=9696 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:neutron_port_t:s0 tclass=tcp_socket

Related issues 1 (0 open1 closed)

Related to SELinux - Bug #16263: corenet_tcp_connect_neutron_port not available on EL6.5 buildrootClosedLukas Zapletal08/24/2016Actions
Actions
Copy link

Also available in: Atom PDF