Bug 1395211

Summary: Installation throws avc unlink hwdb.bin
Product: [Fedora] Fedora Reporter: Jakub Jelen <jjelen>
Component: systemdAssignee: systemd-maint
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: dominick.grift, dwalsh, johannbg, jpazdziora, lnykryn, lvrabec, mgrepl, msekleta, muadda, plautrba, pmoore, ssahani, ssekidde, s, systemd-maint, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: systemd-229-17.fc24 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-02-06 01:49:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jakub Jelen 2016-11-15 12:17:06 UTC 
Description of problem:
The installation of Fedora 24 (in Beaker) throws the following messages on console and the AVC in the dmesg. According to Lukas, the hwdb.bin is mislabeled in this stage. Feel free to reassign if some other component is to blame.

[   13.080232] audit: type=1400 audit(1479154609.302:51): avc:  denied  { unlink } for  pid=531 comm="systemd-hwdb" name="hwdb.bin" dev="dm-0" ino=1704577 scontext=system_u:system_r:systemd_hwdb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 
[   13.105672] audit: type=1300 audit(1479154609.302:51): arch=c000003e syscall=82 success=no exit=-13 a0=5577a10d90b0 a1=5577a112a800 a2=7ff21c51ab58 a3=20 items=0 ppid=1 pid=531 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hwdb" exe="/usr/bin/systemd-hwdb" subj=system_u:system_r:systemd_hwdb_t:s0 key=(null) 


Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-191.20.fc24.noarch
[    9.309352] systemd[1]: systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN) 

How reproducible:
always

Steps to Reproduce:
1. Install Fedora 24 in Beaker

Actual results:
2. see the dmesg/console with errors

Expected results:
no errors

Additional info:
Messages with a bit more context:

] Mounted NFSD configuration filesystem.  
[      
  OK   [[   12.808910] audit: type=1130 audit(1479154609.031:50): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-monitor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 
0m] Started Monitoring of LVM2 mirrors,...ng dmeventd or progress polling.  
[   13.080232] audit: type=1400 audit(1479154609.302:51): avc:  denied  { unlink } for  pid=531 comm="systemd-hwdb" name="hwdb.bin" dev="dm-0" ino=1704577 scontext=system_u:system_r:systemd_hwdb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 
[   13.105672] audit: type=1300 audit(1479154609.302:51): arch=c000003e syscall=82 success=no exit=-13 a0=5577a10d90b0 a1=5577a112a800 a2=7ff21c51ab58 a3=20 items=0 ppid=1 pid=531 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hwdb" exe="/usr/bin/systemd-hwdb" subj=system_u:system_r:systemd_hwdb_t:s0 key=(null) 
[   13.105677] audit: type=1327 audit(1479154609.302:51): proctitle=2F7573722F62696E2F73797374656D642D6877646200757064617465 
[   13.154784] audit: type=1130 audit(1479154609.378:52): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fedora-readonly comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 
[      
  OK     
] Started Configure read-only root support.
Comment 1 Lukas Vrabec 2016-12-08 16:18:38 UTC 
Michal, we have this issue again.
Comment 2 Jan Pazdziora 2017-01-10 13:46:49 UTC 
Any word on getting this bug fixed? It seems to have gotten errata in RHEL, via bug 1343648.
Comment 3 Michal Sekletar 2017-01-16 15:00:55 UTC 
Yes, this was fixed in RHEL but those patches were never backported to Fedora.
Comment 4 Michal Sekletar 2017-01-16 15:11:21 UTC 
https://src.fedoraproject.org/cgit/rpms/systemd.git/commit/?h=f24&id=6037cb4380b3411bbac912ceb2828cc0d324a265 -> POST
Comment 5 Fedora Update System 2017-02-01 11:15:45 UTC 
systemd-229-17.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fac567c88
Comment 6 Fedora Update System 2017-02-01 22:48:09 UTC 
systemd-229-17.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fac567c88
Comment 7 Fedora Update System 2017-02-06 01:49:00 UTC 
systemd-229-17.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.