[Rdo-list] Why is glance_api_can_network an selinux boolean?
Lars Kellogg-Stedman
lars at redhat.com
Fri Mar 27 13:56:30 UTC 2015
Running `audit2allow -a` on my Fedora 21/RDO Juno system yields
several issues, but this one caught my eye:
#!!!! This avc can be allowed using the boolean 'glance_api_can_network'
allow glance_api_t keystone_port_t:tcp_socket name_connect;
Why is this a boolean? In what scenario would glance *not* need to
connect to Keystone?
--
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack | http://blog.oddbit.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.rdoproject.org/pipermail/dev/attachments/20150327/88c21b68/attachment.sig>
More information about the dev
mailing list