novaclient stats all files in /usr/bin
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | Medium | Eric Larese | |
python-novaclient | Fix Released | Low | Andriy Kurilin | |
Bug Description
It appears that novaclient is searching Python's sys.path to find novaclient's own executable, and a side effect of this is an operating system security package will log hundreds of errors each time this happens. For example, this stack trace:
/usr/
-> return weakref.
/usr/
-> cls._create_
/usr/
-> return f(*args, **kwargs)
/usr/
-> cls._instance = cls()
/usr/
-> plugin_provider)
/usr/
-> return plugin_class()
/usr/
-> return f(*args, **kwargs)
/usr/
-> super(Ml2Plugin, self).__init__()
/usr/
-> self.nova_notifier = nova.Notifier()
/usr/
-> ext for ext in nova_client.
> /usr/lib/
-> _discover_
This stack trace is during neutron server startup, a novaclient call is made which results in _discover_
This method uses pkgutil.
type=AVC msg=audit(
One error is logged for every searched file in /usr/bin, about 1,300 messages each time neutron-server restarts on my test system. This generates a huge amount of noise in audit.log. I have not attempted to reproduce this with Ubuntu / AppArmor to verify if the issue is the same.
Is this something the novaclient code would worry about? Is there some way I could submit a patch to fix this?
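The behaviour described in the report, reproduced as an added example (not code from novaclient or neutron). It assumes the truncated call above is `pkgutil.iter_modules`, uses a constructed temporary directory in place of `/usr/bin`, and a hypothetical `_example_ext` module suffix. The scoped scan is shown only for contrast and is not claimed to be the fix that was merged.

```python
import os
import pkgutil
import tempfile
from unittest import mock

EXT_SUFFIX = "_example_ext"  # hypothetical naming convention for extension modules


def discover(paths):
    """Scan `paths` with pkgutil.iter_modules; return (extensions, probed files)."""
    probed = []
    real_isdir = os.path.isdir

    def recording_isdir(path):
        probed.append(os.fspath(path))
        return real_isdir(path)

    # pkgutil calls os.path.isdir() on every directory entry that does not
    # look like a module; each call is a stat(), i.e. one SELinux getattr check.
    with mock.patch("os.path.isdir", recording_isdir):
        found = [m.name for m in pkgutil.iter_modules(paths)
                 if m.name.endswith(EXT_SUFFIX)]
    roots = {os.path.realpath(p) for p in paths}
    touched = [p for p in probed
               if os.path.realpath(os.path.dirname(p)) in roots]
    return found, touched


def demo(n_binaries=25):
    """Build a constructed stand-in for /usr/bin plus a dedicated extension dir."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")   # stands in for sys.path[0] == /usr/bin
        ext_dir = os.path.join(root, "ext")   # holds only extension modules
        os.makedirs(bin_dir)
        os.makedirs(ext_dir)
        for i in range(n_binaries):
            open(os.path.join(bin_dir, "tool%d" % i), "w").close()
        open(os.path.join(ext_dir, "demo" + EXT_SUFFIX + ".py"), "w").close()
        broad = discover([bin_dir, ext_dir])   # whole search path
        scoped = discover([ext_dir])           # extension dir only
    return broad, scoped


if __name__ == "__main__":
    (b_found, b_touched), (s_found, s_touched) = demo()
    print("broad scan :", b_found, len(b_touched), "files probed")
    print("scoped scan:", s_found, len(s_touched), "files probed")
```

Both scans find the same extension module; only the broad scan probes every extensionless file in the stand-in `bin` directory, which is the access pattern that produces one audit record per file under a confining policy.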
Changed in python-novaclient:
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Andrey Kurilin (andreykurilin)
Changed in neutron:
milestone: none → ocata-rc1
tags: added: ocata-rc-potential
Changed in neutron:
importance: Undecided → Medium
Fix proposed to branch: master
Review: https://review.openstack.org/280725