Keystone does not start under WSGI and AVC denials are seen
Issue
- Keystone does not start under WSGI.
- The appropriate label does not seem to be applied to the path
/etc/keystone/fernet-keys. AVC denials are seen because/etc/keystone/fernet-keyshas contextunconfined_u:object_r:etc_t:s0. - The context of key files are not as expected after Fernet rotation.
Environment
- Red Hat OpenStack Platform.
- Keystone.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
