Keystone does not start under WSGI and AVC denials are seen

Solution Unverified - Updated -

Issue

  • Keystone does not start under WSGI.
  • The appropriate label does not seem to be applied to the path /etc/keystone/fernet-keys. AVC denials are seen because /etc/keystone/fernet-keys has context unconfined_u:object_r:etc_t:s0.
  • The context of the key files is not as expected after Fernet rotation.

Environment

  • Red Hat OpenStack Platform.
  • Keystone.
