OpenStack-Ansible

Swift is generating audit.log errors on CentOS with selinux enabled

Bug #1646124 reported by Marc Gariépy on 2016-11-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Wishlist	Marc Gariépy

Bug Description

it seems that selinux needs a bit more config for the swift role.

type=AVC msg=audit(1480515601.573:740): avc: denied { search } for pid=16467 comm="local" name="swift" dev="vda1" ino=295569857 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:swift_data_t:s0 tclass=dir

See original description

Marc Gariépy (mgariepy) on 2016-11-30

description:

updated

Jean-Philippe Evrard (jean-philippe-evrard) on 2016-12-06

Changed in openstack-ansible:
importance:	Undecided → Wishlist

Revision history for this message

Jean-Philippe Evrard (jean-philippe-evrard) wrote on 2017-01-17:

See also: https://review.openstack.org/#/c/420953/

Changed in openstack-ansible:
assignee:	nobody → Marc Gariépy (mgariepy)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-25: Fix merged to openstack-ansible-os_swift (master)

Reviewed: https://review.openstack.org/420953
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_swift/commit/?id=06b3a4837f5829def7ac7c46d76ec4c695c7174b
Submitter: Jenkins
Branch: master

commit 06b3a4837f5829def7ac7c46d76ec4c695c7174b
Author: Marc Gariepy <email address hidden>
Date: Mon Jan 16 15:52:11 2017 -0500

Add selinux rule for swift host.

allow some selinux rules to allow swift-rings to be retreived from the host.

Closes-Bug: #1646124
Change-Id: I64955a4616b08bba6a4efd22c5e35180388db4a2

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-27: Fix included in openstack/openstack-ansible-os_swift 15.0.0.0b3

This issue was fixed in the openstack/openstack-ansible-os_swift 15.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.