Bug 1558816

Summary: avc: denied { mac_admin } for pid=1 comm="systemd" capability=33 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0
Product: [Fedora] Fedora Reporter: Mairi Dulaney <jdulaney>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: high    
Version: 28CC: dwalsh, jdulaney, jdulaney, jonha87, lvrabec, mgrepl, plautrba, pmoore, robatino, sgallagh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-25 00:21:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1469206    

Description Mairi Dulaney 2018-03-21 04:53:27 UTC 
Description of problem:

Fresh installation of Fedora 28, and I am getting:


avc:  denied  { mac_admin } for  pid=1 comm="systemd" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0

This may be a duplicate of 1531556

Version-Release number of selected component (if applicable):
systemd-238-4.fc28.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Boot computer
2. Observe AVC denial messages


Actual results:
selinux denying systemd causes sadness

Expected results:
No selinux denying systemd
Comment 1 Fedora Blocker Bugs Application 2018-03-21 04:54:34 UTC 
Proposed as a Blocker for 28-final by Fedora user jdulaney using the blocker tracking app because:

 There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop.
Comment 2 Lukas Vrabec 2018-03-22 11:42:43 UTC 
*** Bug 1558949 has been marked as a duplicate of this bug. ***
Comment 3 Lukas Vrabec 2018-03-24 13:42:42 UTC 
John, 

Do you see any issues with systemd or you 'just' see the AVC? 

Lukas.
Comment 4 Mairi Dulaney 2018-03-24 14:57:37 UTC 
Nothing directly that I could tell.  However, it still hits the release criteria.
Comment 5 Lukas Vrabec 2018-03-25 00:19:57 UTC 
*** Bug 1557275 has been marked as a duplicate of this bug. ***
Comment 6 Lukas Vrabec 2018-03-25 00:21:41 UTC 
Hi, 

It looks like this is same issue like rhbz#1559174, there is issue with old labels. Closing as duplicate.

If the issue still persists, feel free to re-open this ticket.

*** This bug has been marked as a duplicate of bug 1559174 ***