Bug 1712935

Summary: Cascade of issues since systemd 420 when SELinux enforcing
Product: [Fedora] Fedora
Reporter: Michal Schorm <mschorm>
Component: systemd
Assignee: systemd-maint
Status: CLOSED DEFERRED
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: 30
CC: a.dobrawy, lnykryn, msekleta, s, systemd-maint, zbyszek
Hardware: x86_64   
OS: Unspecified   
Last Closed: 2019-08-05 20:46:45 UTC
Type: Bug
Bug Depends On: 1467103, 1714026    

Description Michal Schorm 2019-05-22 14:06:50 UTC
First error message in journal:
  "... systemd[509]: dbus-broker.service: Failed to set up mount namespacing: Permission denied"
  "... systemd[509]: dbus-broker.service: Failed at step NAMESPACE spawning /usr/bin/dbus-broker-launch: Permission denied"

After that, dozens of error messages appear, leading to many parts of the system not being functional.
For example networking. Which is kinda bad on a system you are accessing via ssh.

---------

Steps to reproduce:

1) Get perfectly working fresh Fedora 30 installation.
   set up by e.g. this script: https://raw.githubusercontent.com/FaramosCZ/Fedora_from_scratch/MBR_EXT4/setup.sh
2) Update systemd packages to version >= 240
3) Leave SELinux Enforcing at system startup
4) reboot
5) watch your system in ruins

Fast workaround:
1) Disable SELinux enforcing at system startup
   in /etc/selinux/config
... but that's not what you want to do on a real system you want to use.

OR

2) Downgrade systemd packages to version <240

---------

You can google several other issues with the same error message in other environments and distros.
https://github.com/systemd/systemd/issues/10032
Not sure though, if they are connected.

I've tried updating to the latest rawhide to see if the issue is solved in systemd or selinux-policy-targeted, but it behaves the same.

Comment 1 Michal Schorm 2019-05-28 12:16:47 UTC
UPDATE:
  this is caused by bug: https://bugzilla.redhat.com/show_bug.cgi?id=1412696
  comment 35 provides a workaround.

Still, it needs to be solved.

Comment 2 Zbigniew Jędrzejewski-Szmek 2019-08-05 20:46:45 UTC
Let's close this one. #1467103 remains open, so we can track things there.