Created attachment 923043 [details] audit.log Description of problem: Running from source, nova-api cannot start when SELinux is in enforcing mode. type=AVC msg=audit(1405722652.112:335): avc: denied { dac_override } for pid=3812 comm="nova-rootwrap" capability=1 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=capability type=AVC msg=audit(1405722652.112:335): avc: denied { dac_read_search } for pid=3812 comm="nova-rootwrap" capability=2 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=capability Version-Release number of selected component (if applicable): selinux-policy-3.12.1-179.fc20.noarch selinux-policy-targeted-3.12.1-179.fc20.noarch How reproducible: always Steps to Reproduce: 1. Deploy tripleo devtest. Actual results: nova-api does not start. Expected results: nova-api should start. Additional info:
The fix was to set /etc/nova user.group permissions to root.nova.