[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Rdo-list] Why is glance_api_can_network an selinux boolean?



Running `audit2allow -a` on my Fedora 21/RDO Juno system yields
several issues, but this one caught my eye:

  #!!!! This avc can be allowed using the boolean 'glance_api_can_network'
  allow glance_api_t keystone_port_t:tcp_socket name_connect;

Why is this a boolean?  In what scenario would glance *not* need to
connect to Keystone?

-- 
Lars Kellogg-Stedman <lars redhat com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack          | http://blog.oddbit.com/

Attachment: pgpoBEf3DYB3v.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]