Description of problem: Shutdown initiated by pressing power button freezes system for 1-2s, then shows selinux denial. SELinux is preventing /usr/bin/loginctl from 'open' accesses on the file /var/log/journal/07db66c8a9d149c7b7e5a668602ae8aa/system~. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that loginctl should be allowed open access on the system~ file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep loginctl /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:apmd_t:s0 Target Context system_u:object_r:var_log_t:s0 Target Objects /var/log/journal/07db66c8a9d149c7b7e5a668602ae8aa/ system~ [ file ] Source loginctl Source Path /usr/bin/loginctl Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.13.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.1.6-201.fc22.x86_64 #1 SMP Fri Sep 4 17:49:24 UTC 2015 x86_64 x86_64 Alert Count 8 First Seen 2015-09-22 20:24:59 CEST Last Seen 2015-09-22 20:24:59 CEST Local ID c4d7ed43-b3f6-4dfb-b54b-053ff884f327 Raw Audit Messages type=AVC msg=audit(1442946299.617:982): avc: denied { open } for pid=2431 comm="loginctl" path="/var/log/journal/07db66c8a9d149c7b7e5a668602ae8aa/system~" dev="dm-2" ino=1579595 scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 Hash: loginctl,apmd_t,var_log_t,file,open Version-Release number of selected component: selinux-policy-3.13.1-128.13.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-201.fc22.x86_64 type: libreport
Dominick, do you have a policy for /var/log/journal?
Created attachment 1082617 [details] systemd-logind log output after pressing power button
The issue remains after updating selinux-policy to selinux-policy-3.13.1-128.16.fc22.noarch Poweroff, hibernate work from the shell and the xfce log out menu, only pressing the power button triggers the behaviour.
Using selinux-policy-3.13.1-128.18.fc22.noarch from f22 testing does not solve the problem.
Description of problem: it just randomly happens so far I can see Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport
Dominick, Could you help us? Check comment 1 Thank you.
Issue is still present with (updated) packages: Source RPM Packages systemd-219-25.fc22.x86_64 Policy RPM selinux-policy-3.13.1-128.21.fc22.noarch
With the upgrade to Fedora 23, the issue seems to have been resolved (for me at least) Systemd systemd-222-19 Policy selinux-policy-3.13.1-158.2 For my part, this bug can be closed.
Looks like this is fixed in systemd package. Closing this as NOTABUG. Feel free to re-open this issue if you see this AVC again.