These denials are being logged on the overcloud controller node. They are not present on compute nodes.
type=AVC msg=audit(1422372787.429:193): avc: denied { open } for pid=4422 comm="os-apply-config" path="/var/log/os-apply-config.log" dev="sda2" ino=53123 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.438:194): avc: denied { getattr } for pid=4421 comm="os-apply-config" path="/var/lib/os-collect-config/os_config_files.json" dev="sda2" ino=1019499 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.439:195): avc: denied { read } for pid=4422 comm="os-apply-config" name="os_config_files.json" dev="sda2" ino=1019499 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.439:195): avc: denied { open } for pid=4422 comm="os-apply-config" path="/var/lib/os-collect-config/os_config_files.json" dev="sda2" ino=1019499 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.440:196): avc: denied { getattr } for pid=4422 comm="os-apply-config" path="/var/lib/heat-cfntools/cfn-init-data" dev="sda2" ino=53171 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.440:197): avc: denied { read } for pid=4421 comm="os-apply-config" name="cfn-init-data" dev="sda2" ino=53171 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.440:197): avc: denied { open } for pid=4421 comm="os-apply-config" path="/var/lib/heat-cfntools/cfn-init-data" dev="sda2" ino=53171 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.440:198): avc: denied { getattr } for pid=4422 comm="os-apply-config" path="/var/lib/cloud/data/cfn-init-data" dev="sda2" ino=53174 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:cloud_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.440:199): avc: denied { read } for pid=4421 comm="os-apply-config" name="cfn-init-data" dev="sda2" ino=53174 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:cloud_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.440:199): avc: denied { open } for pid=4421 comm="os-apply-config" path="/var/lib/cloud/data/cfn-init-data" dev="sda2" ino=53174 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:cloud_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.736:200): avc: denied { getattr } for pid=4418 comm="keepalived_vip_" path="/usr/sbin/ip" dev="sda2" ino=581819 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.736:201): avc: denied { execute } for pid=4418 comm="keepalived_vip_" name="ip" dev="sda2" ino=581819 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.736:202): avc: denied { read } for pid=4418 comm="keepalived_vip_" name="ip" dev="sda2" ino=581819 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.736:203): avc: denied { open } for pid=4435 comm="keepalived_vip_" path="/usr/sbin/ip" dev="sda2" ino=581819 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1422372787.736:203): avc: denied { execute_no_trans } for pid=4435 comm="keepalived_vip_" path="/usr/sbin/ip" dev="sda2" ino=581819 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=1
Fix proposed to branch: master
Review: https://review.openstack.org/151366