Deploying with selinux enforcing causes glance api container to fail to start with podman
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Expired
|
Medium
|
Unassigned |
Bug Description
When deploying OOO master (now with podman) and leaving selinux enabled and enforcing, the glance api container fails to start due to:
podman logs glance_api output:
ERROR:_
Traceback (most recent call last):
File "/usr/local/
execute_
File "/usr/local/
copy_
File "/usr/local/
config_
File "/usr/local/
self.
File "/usr/local/
dir_content = os.listdir(source)
OSError: [Errno 13] Permission denied: '/var/lib/
The /var/lib/
{
"command": "/usr/bin/
"config_files": [
{
"dest": "/",
},
{
"dest": "/etc/ceph/",
}
],
"permissions": [
{
"path": "/var/lib/glance",
},
{
"path": "/etc/ceph/
"perm": "0600"
}
]
}
Changed in tripleo: | |
status: | Triaged → Incomplete |
Hey,
That's weird: on an centos7.6, with enforced SELinux, I could deploy the whole undercloud with podman, and it actually did accept an image in its glance.
We would need some more info, like some extract of the /var/log/ audit/audit. log (especially AVC entries), and maybe some more info about your system in order to understand what's going on.
Cheers,
C.