OpenStack-Ansible

SELinux contexts missing on /openstack/log/*-nova

Bug #1748911 reported by Major Hayden on 2018-02-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Undecided	Major Hayden

Bug Description

The log directory for nova on CentOS has default_t contexts and this is causing AVC's.

# ls -alZ /openstack/log/
drwxr-xr-x. root root system_u:object_r:default_t:s0 .
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 ..
drwxr-xr-x. root root system_u:object_r:default_t:s0 ansible-logging
drwxr-xr-x. neutron neutron system_u:object_r:default_t:s0 hydrogen-neutron
drwxr-xr-x. nova nova system_u:object_r:default_t:s0 hydrogen-nova

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-12: Fix proposed to openstack-ansible-os_nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/543499

Changed in openstack-ansible:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-19: Fix merged to openstack-ansible-os_nova (master)

Reviewed: https://review.openstack.org/543499
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_nova/commit/?id=10fc6d9035baf9db11f1b13983dd8df6e0996e4b
Submitter: Zuul
Branch: master

commit 10fc6d9035baf9db11f1b13983dd8df6e0996e4b
Author: Major Hayden <email address hidden>
Date: Wed Feb 14 11:39:54 2018 -0600

Add SELinux contexts for nova log directory

    The log directory for nova has the default_t SELinux context and this
    prevents rsyslog from accessing nova's logs. This patch ensures that
    the file contexts are set properly for nova's logs.

This change also makes nova's log directory configurable using the
`nova_log_dir` variable.

Closes-Bug: 1748911
Change-Id: Iaac69c5807715f50386624602375c89adeeb48a1

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-20: Fix proposed to openstack-ansible-os_nova (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/546103

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-02: Fix merged to openstack-ansible-os_nova (stable/queens)

Reviewed: https://review.openstack.org/546103
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_nova/commit/?id=2d7331dd2258a32f1d3fb3cee930c71193551089
Submitter: Zuul
Branch: stable/queens

commit 2d7331dd2258a32f1d3fb3cee930c71193551089
Author: Major Hayden <email address hidden>
Date: Wed Feb 14 11:39:54 2018 -0600

Add SELinux contexts for nova log directory

    The log directory for nova has the default_t SELinux context and this
    prevents rsyslog from accessing nova's logs. This patch ensures that
    the file contexts are set properly for nova's logs.

This change also makes nova's log directory configurable using the
`nova_log_dir` variable.

    Closes-Bug: 1748911
    Change-Id: Iaac69c5807715f50386624602375c89adeeb48a1
    (cherry picked from commit 10fc6d9035baf9db11f1b13983dd8df6e0996e4b)

tags:

added: in-stable-queens

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-12: Fix included in openstack/openstack-ansible-os_nova 17.0.0.0rc2

This issue was fixed in the openstack/openstack-ansible-os_nova 17.0.0.0rc2 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-05-03: Fix included in openstack/openstack-ansible-os_nova 18.0.0.0b1

This issue was fixed in the openstack/openstack-ansible-os_nova 18.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.