Bug 1401240

Summary: On boot get "Failed at step EXEC spawning *service_name*: Permission denied"
Product: [Fedora] Fedora Reporter: alex
Component: selinux-policy-targetedAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED WORKSFORME QA Contact: Ben Levenson <benl>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: alex, dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-04 11:04:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description alex 2016-12-03 21:39:20 UTC 
Description of problem:
On boot in clear system (after install), in /var/log/boot.log get next messages:
[FAILED] Failed to start Load Kernel Modules.
[FAILED] Failed to start Flush Journal to Persistent Storage.
[FAILED] Failed to start Load/Save RF Kill Switch Status.
[FAILED] Failed to start Load Kernel Modules.
[FAILED] Failed to start Flush Journal to Persistent Storage.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-224.fc25.noarch
selinux-policy-targeted-3.13.1-224.fc25.noarch

How reproducible:
always

Steps to Reproduce:
1. Boot
2.
3.

Actual results:


Expected results:


Additional info:
With any service from *FAILED* list get same situation:
#systemctl start systemd-rfkill.service
Job for systemd-rfkill.service failed because the control process exited with error code.
See "systemctl status systemd-rfkill.service" and "journalctl -xe" for details.

#ausearch -m AVC -ts recent
----
time->Sun Dec  4 00:34:55 2016
type=AVC msg=audit(1480800895.443:305): avc:  denied  { execute } for  pid=3340 comm="(d-rfkill)" name="systemd-rfkill" dev="dm-1" ino=8135742 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Comment 1 alex 2016-12-04 11:04:03 UTC 
After today update problem was solved.