Description of problem: when installing on fedora 20, (packstack, all-in-one) neutron-openvswitch-agent service creates a high cpu load due massively using polkitd, and causing lots of selinux denies. Version-Release number of selected component (if applicable): openstack-neutron-2014.2-0.7.b3.fc22.noarch How reproducible: 100% Steps to Reproduce: 1. packstack --allinone install 2. polkitd uses 1 cpu 3. systemctl stop neutron-openvswitch-agent.service 4. polkit behaves normal. Actual results: Expected results: Additional info: SELINUX denies are: type=AVC msg=audit(1412627944.911:226795): avc: denied { execute } for pid=10598 comm="neutron-openvs w" name="sudo" dev="dm-1" ino=1985715 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r :unlabeled_t:s0 tclass=file permissive=1 type=AVC msg=audit(1412627944.911:226795): avc: denied { read open } for pid=10598 comm="neutron-open vsw" path="/usr/bin/sudo" dev="dm-1" ino=1985715 scontext=system_u:system_r:neutron_t:s0 tcontext=system _u:object_r:unlabeled_t:s0 tclass=file permissive=1 type=AVC msg=audit(1412627944.911:226795): avc: denied { execute_no_trans } for pid=10598 comm="neutr on-openvsw" path="/usr/bin/sudo" dev="dm-1" ino=1985715 scontext=system_u:system_r:neutron_t:s0 tcontext =system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 type=SYSCALL msg=audit(1412627944.911:226795): arch=c000003e syscall=59 success=yes exit=0 a0=3506e80 a1 =26740f0 a2=2f020f0 a3=b items=0 ppid=10048 pid=10598 auid=4294967295 uid=987 gid=984 euid=0 suid=0 fsui d=0 egid=984 sgid=984 fsgid=984 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u: system_r:neutron_t:s0 key=(null)
It seems, this was very improved by latest oslo updates.
Matthias, is "very improved" the same as "fixed" (i.e., can we close this bz)?
Lars, sorry. I don't have the system at hand any more, it ate my battery for breakfast.