Installation of RDO Juno on Fedora 21, with: - openstack-nova-api-2014.2.1-1.fc22.noarch - selinux-policy-3.13.1-105.fc21.noarch Results in the following from audit2allow: #============= nova_api_t ============== allow nova_api_t self:capability net_admin; allow nova_api_t system_dbusd_t:dbus send_msg; allow nova_api_t system_dbusd_t:unix_stream_socket connectto; allow nova_api_t system_dbusd_var_run_t:dir search; allow nova_api_t system_dbusd_var_run_t:sock_file write; allow nova_api_t systemd_logind_t:dbus send_msg; Corresponding to the following AVCs in the audit log: type=AVC msg=audit(): avc: denied { connectto } for pid=xxx comm="sudo" path="/run/dbus/system_bus_socket" scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(): avc: denied { net_admin } for pid=xxx comm="sudo" capability=12 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=capability permissive=0 type=AVC msg=audit(): avc: denied { net_admin } for pid=xxx comm="sudo" capability=12 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=capability permissive=1 type=AVC msg=audit(): avc: denied { search } for pid=xxx comm="sudo" name="dbus" dev="tmpfs" ino=10410 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir permissive=0 type=AVC msg=audit(): avc: denied { search } for pid=xxx comm="sudo" name="dbus" dev="tmpfs" ino=10410 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir permissive=1 type=AVC msg=audit(): avc: denied { search } for pid=xxx comm="sudo" name="dbus" dev="tmpfs" ino=11674 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir permissive=1 type=AVC msg=audit(): avc: denied { write } for pid=xxx comm="sudo" name="system_bus_socket" dev="tmpfs" ino=10411 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=1 type=AVC msg=audit(): avc: denied { write } for pid=xxx comm="sudo" name="system_bus_socket" dev="tmpfs" ino=11675 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file permissive=1 type=USER_AVC msg=audit(): pid=xxx uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=2000 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(): pid=xxx uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=28727 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(): pid=xxx uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.login1.Manager member=CreateSession dest=org.freedesktop.login1 spid=2000 tpid=376 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(): pid=xxx uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.login1.Manager member=CreateSession dest=org.freedesktop.login1 spid=28727 tpid=313 scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(): pid=xxx uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.1913 spid=313 tpid=28727 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(): pid=xxx uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.40 spid=376 tpid=2000 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.