Cron SELinux denial
In Centos cronie package (cronie-1.4.11-19.el7.x86_64) is a bug, which is causing these selinux errors on docker host running kolla cron image:
type=PROCTITLE msg=audit(8.11.2018 11:01:01.228:167202) : proctitle=CROND -s -n
type=SYSCALL msg=audit(8.11.2018 11:01:01.228:167202) : arch=x86_64 syscall=write success=no exit=EACCES(Permission denied) a0=0x8 a1=0x0 a2=0x0 a3=0x7fff7290dae0 items=0 ppid=14534 pid=19964 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=6860 comm=crond exe=/usr/sbin/crond subj=system_u:system_r:container_t:s0:c5,c464 key=(null)
type=AVC msg=audit(8.11.2018 11:01:01.228:167202) : avc: denied { setexec } for pid=19964 comm=crond scontext=system_u:system_r:container_t:s0:c5,c464 tcontext=system_u:system_r:container_t:s0:c5,c464 tclass=process
Issue is fixed in this PR - https://github.com/cronie-crond/cronie/pull/8/files and will be resolved in future version of Centos (>7).