Bug #15640: OpenStack Neutron service SELinux denial during provisioning - SELinux - Foreman

Actions

Copy link

Bug #15640

closed

OpenStack Neutron service SELinux denial during provisioning

Added by Lukas Zapletal almost 8 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Lukas Zapletal

Category:

Compute resources

Target version:

Difficulty:

Triaged:

Bugzilla link:

1352707

Pull request:

https://github.com/theforeman/foreman-selinux/pull/59

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Neutron port 9696 is missing in our policy. It looks like it is present in both RHEL6 and RHEL7 (tested with 6.6 and 7.2) so easy fix.

Steps to Reproduce:
1.Provision a 'New Host' on OpenStack, observe the /var/log/audit/audit.log, to see the SELinux denial issues.

Actual results:
In /var/log/audit/audit.log

type=AVC msg=audit(1467659098.220:1559): avc: denied { name_connect } for pid=11002 comm="diagnostic_con*" dest=9696 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:neutron_port_t:s0 tclass=tcp_socket

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » SELinux

Custom queries

Bug #15640

OpenStack Neutron service SELinux denial during provisioning

Updated by The Foreman Bot almost 8 years ago

Updated by Daniel Lobato Garcia over 7 years ago

Updated by Daniel Lobato Garcia over 7 years ago

Updated by Anonymous over 7 years ago

Updated by Dominic Cleal over 7 years ago

Updated by Dominic Cleal over 7 years ago

Updated by Greg Sutcliffe almost 6 years ago