Description of problem: SELinux is preventing journalctl from 'map' accesses on the file /var/log/journal/e0215049b3ad4b45be988a3894bb0931/system~. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that journalctl should be allowed map access on the system~ file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'journalctl' --raw | audit2allow -M my-journalctl # semodule -X 300 -i my-journalctl.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_log_t:s0 Target Objects /var/log/journal/e0215049b3ad4b45be988a3894bb0931/ system~ [ file ] Source journalctl Source Path journalctl Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-270.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.13.0-0.rc4.git4.1.fc27.x86_64 #1 SMP Fri Aug 11 15:03:46 UTC 2017 x86_64 x86_64 Alert Count 2 First Seen 2017-08-13 00:54:45 CEST Last Seen 2017-08-13 00:54:46 CEST Local ID 14df9d1b-ddc1-4c80-a934-7b2fe63ccfc0 Raw Audit Messages type=AVC msg=audit(1502578486.319:473): avc: denied { map } for pid=3064 comm="journalctl" path="/var/log/journal/e0215049b3ad4b45be988a3894bb0931/system~" dev="dm-0" ino=271739 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1 Hash: journalctl,abrt_t,var_log_t,file,map Version-Release number of selected component: selinux-policy-3.13.1-270.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.13.0-0.rc4.git4.1.fc27.x86_64 type: libreport
Note we may get quite a lot of dupes of this, as everyone's journal files will be named differently. I see the same denial for my journal file. It seems to prevent the journald service from starting correctly, which is obviously a big problem (and a Beta blocker, per 'Alpha' criterion "A system logging infrastructure must be available, enabled by default, and working.")
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'.
I believe 3.13.1-272 resolved this: I have that version installed, and my system is booted in enforcing mode, and the journal works. So, closing this as fixed.