Bug 1500820

Summary: multiple 'systemd' AVC denials related to 'sysfs'
Product: [Fedora] Fedora Reporter: Micah Abbott <miabbott>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 26CC: dustymabe, dwalsh, jylo06g, lsm5, lvrabec, mgrepl, plautrba, pmoore
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-260.13.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-17 19:21:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Micah Abbott 2017-10-11 14:33:39 UTC 
Using the 'testing' branch of Fedora 26 Atomic Host (26.138), our automated tests detected a large amount of AVC denials for 'systemd' after booting into the deployment.

The version of 'selinux-policy' installed is selinux-policy-3.13.1-260.12.fc26.noarch


# rpm-ostree status
State: idle
Deployments:
● fedora-atomic:fedora/26/x86_64/testing/atomic-host
                   Version: 26.138 (2017-10-11 02:17:28)
                    Commit: 61d4a5dfa72be08937546189ad3511d6b7c7addeddcad7b93a60c54430fff86e
              GPGSignature: Valid signature by E641850B77DF435378D1D7E2812A6B4B64DAB85D

# journalctl -b | grep 'avc:  denied'
Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="console" dev="sysfs" ino=3170 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="autofs" dev="sysfs" ino=7152 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="id" dev="sysfs" ino=592 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[588]: AVC avc:  denied  { read } for  pid=588 comm="systemd-getty-g" name="console" dev="sysfs" ino=3170 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="console" dev="sysfs" ino=3170 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
Comment 1 Dusty Mabe 2017-10-11 14:37:04 UTC 
this looks like https://bugzilla.redhat.com/show_bug.cgi?id=1499327, which was opened against rawhide last week. Hopefully the fix for that trickles into f26 as well.
Comment 2 Lukas Vrabec 2017-10-11 15:41:39 UTC 
*** Bug 1500766 has been marked as a duplicate of this bug. ***
Comment 3 Fedora Update System 2017-10-11 20:07:45 UTC 
selinux-policy-3.13.1-260.13.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-88b6a06bce
Comment 4 Fedora Update System 2017-10-11 20:08:49 UTC 
selinux-policy-3.13.1-260.13.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-88b6a06bce
Comment 5 Fedora Update System 2017-10-13 04:22:46 UTC 
selinux-policy-3.13.1-260.13.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-88b6a06bce
Comment 6 Fedora Update System 2017-10-17 19:21:23 UTC 
selinux-policy-3.13.1-260.13.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.