Description of problem: After updating latest updates for rawhide ( 19/09/2015 ) The output for ps -eZ |grep unconfined_service system_u:system_r:unconfined_service_t:s0 1858 ? 00:00:00 udisksd system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 2725 ? 00:00:00 setroubleshootd SELinux is preventing (systemd) from using the 'transition' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that (systemd) should be allowed transition access on processes labeled unconfined_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep (systemd) /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0 Target Objects /usr/lib/systemd/systemd [ process ] Source (systemd) Source Path (systemd) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages systemd-226-3.fc24.x86_64 Policy RPM selinux-policy-3.13.1-147.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.3.0-0.rc1.git3.1.fc24.x86_64 #1 SMP Thu Sep 17 18:27:35 UTC 2015 x86_64 x86_64 Alert Count 2 First Seen 2015-09-19 12:29:00 EEST Last Seen 2015-09-19 12:34:59 EEST Local ID 26bcc8c5-ab2f-4a1b-bb15-c07e53a216dd Raw Audit Messages type=AVC msg=audit(1442655299.795:383): avc: denied { transition } for pid=1401 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda5" ino=753295 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0 Hash: (systemd),init_t,unconfined_t,process,transition Version-Release number of selected component: selinux-policy-3.13.1-147.fc24.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.3.0-0.rc1.git3.1.fc24.x86_64 type: libreport
https://github.com/fedora-selinux/selinux-policy/commit/c7d98ff11daa0743f46c1500196ef1eae9b79f74 commit c7d98ff11daa0743f46c1500196ef1eae9b79f74 Author: Miroslav Grepl <mgrepl> Date: Mon Sep 21 09:36:46 2015 +0200 Add login_userdomain attribute also for unconfined_t.