Keystone does not start under WSGI and AVC denials are seen
Issue
- Keystone does not start under WSGI.
- The appropriate label does not seem to be applied to the path
/etc/keystone/fernet-keys
. AVC denials are seen because/etc/keystone/fernet-keys
has contextunconfined_u:object_r:etc_t:s0
. - The context of key files are not as expected after Fernet rotation.
Environment
- Red Hat OpenStack Platform.
- Keystone.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.