Bug 1481346 - SELinux violations preventing systemd-journald from starting
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 27
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-08-14 16:06 UTC by Micah Abbott
Modified: 2017-09-25 19:07 UTC (History)
Last Closed: 2017-09-25 19:07:40 UTC
Type: Bug

Description Micah Abbott 2017-08-14 16:06:12 UTC
(This is probably not a bug in 'ostree', but I couldn't see any other obvious candidates in the pkg diff...)

After upgrading a Rawhide Atomic Host to Rawhide.20170811.n.2, the journal fails to start.

This was first noticed when trying to run a Docker image:

# docker run --rm docker.io/alpine echo hello
/usr/bin/docker-current: Error response from daemon: Failed to initialize logging driver: journald is not enabled on this host.


A little investigation showed the journal doesn't start after 'Switch Root', which was preceded by 'ostree-prepare-root':

# journalctl -b -e
...
Aug 14 15:52:10 localhost systemd[1]: Closed udev Kernel Socket.
Aug 14 15:52:10 localhost systemd[1]: Closed udev Control Socket.
Aug 14 15:52:10 localhost systemd[1]: Starting Cleanup udevd DB...
Aug 14 15:52:10 localhost systemd[1]: Started Cleanup udevd DB.
Aug 14 15:52:10 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-udevadm-cleanup-db comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? termin
Aug 14 15:52:10 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=initrd-udevadm-cleanup-db comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? termina
Aug 14 15:52:10 localhost systemd[1]: Reached target Switch Root.
Aug 14 15:52:10 localhost systemd[1]: Starting OSTree Prepare OS/...
Aug 14 15:52:10 localhost ostree-prepare-root[562]: Examining /sysroot//ostree/boot.1/fedora-atomic/59de1e7c85dbfe87a22c370f817b5109be5209686f57dcbdea91a23f6196c7fd/0
Aug 14 15:52:10 localhost ostree-prepare-root[562]: Resolved OSTree target to: /sysroot/ostree/deploy/fedora-atomic/deploy/6a7ebd738e870c8bdf5027a445e31d68c78f6ebd5626e9fe41542b99b4eeb334.1
Aug 14 15:52:10 localhost systemd[1]: Started OSTree Prepare OS/.
Aug 14 15:52:10 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=ostree-prepare-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? r
Aug 14 15:52:10 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=ostree-prepare-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? re
Aug 14 15:52:10 localhost systemd[1]: Starting Switch Root...
Aug 14 15:52:10 localhost systemd[1]: Switching root.
Aug 14 15:52:10 localhost systemd-journald[178]: Journal stopped


# rpm-ostree status
State: idle
Deployments:
● custom:fedora/rawhide/x86_64/atomic-host
                   Version: Rawhide.20170811.n.2 (2017-08-12 07:37:41)
                    Commit: 6a7ebd738e870c8bdf5027a445e31d68c78f6ebd5626e9fe41542b99b4eeb334

  custom:fedora/rawhide/x86_64/atomic-host
                   Version: Rawhide.20170807.n.0 (2017-08-07 11:37:53)
                    Commit: ee4e5af6241ed6cd284a32f809291d62973cb596632f2c0acc27be577cf1fdbc

# systemctl status systemd-journald
● systemd-journald.service - Journal Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-08-14 15:52:11 UTC; 9min ago
     Docs: man:systemd-journald.service(8)
           man:journald.conf(5)
  Process: 613 ExecStart=/usr/lib/systemd/systemd-journald (code=exited, status=1/FAILURE)
 Main PID: 613 (code=exited, status=1/FAILURE)

# systemctl --all --failed
  UNIT                            LOAD   ACTIVE SUB    DESCRIPTION                                      
● cloud-init.service              loaded failed failed Initial cloud-init job (metadata service crawler)
● systemd-journald.service        loaded failed failed Journal Service                                  
● systemd-journald-audit.socket   loaded failed failed Journal Audit Socket                             
● systemd-journald-dev-log.socket loaded failed failed Journal Socket (/dev/log)                        
● systemd-journald.socket         loaded failed failed Journal Socket                                   

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

5 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.


# rpm-ostree db diff ee4e5af6241ed6cd284a32f809291d62973cb596632f2c0acc27be577cf1fdbc 6a7ebd738e870c8bdf5027a445e31d68c78f6ebd5626e9fe41542b99b4eeb334                                 
ostree diff commit old: ee4e5af6241ed6cd284a32f809291d62973cb596632f2c0acc27be577cf1fdbc
ostree diff commit new: 6a7ebd738e870c8bdf5027a445e31d68c78f6ebd5626e9fe41542b99b4eeb334
Upgraded:
  GeoIP 1.6.11-1.fc27.x86_64 -> 1.6.11-3.fc27.x86_64
  GeoIP-GeoLite-data 2017.07-2.fc27.noarch -> 2017.08-1.fc27.noarch
  NetworkManager 1:1.8.2-3.fc27.x86_64 -> 1:1.8.2-3.fc27.2.x86_64
  NetworkManager-libnm 1:1.8.2-3.fc27.x86_64 -> 1:1.8.2-3.fc27.2.x86_64
  NetworkManager-team 1:1.8.2-3.fc27.x86_64 -> 1:1.8.2-3.fc27.2.x86_64
  acl 2.2.52-16.fc27.x86_64 -> 2.2.52-18.fc27.x86_64
  atomic 1.18.1-5.fc27.x86_64 -> 1.18.1-7.fc27.x86_64
  atomic-registries 1.18.1-5.fc27.x86_64 -> 1.18.1-7.fc27.x86_64
  attr 2.4.47-19.fc27.x86_64 -> 2.4.47-21.fc27.x86_64
  audit 2.7.7-3.fc27.x86_64 -> 2.7.7-5.fc27.x86_64
  audit-libs 2.7.7-3.fc27.x86_64 -> 2.7.7-5.fc27.x86_64
  audit-libs-python 2.7.7-3.fc27.x86_64 -> 2.7.7-5.fc27.x86_64
  audit-libs-python3 2.7.7-3.fc27.x86_64 -> 2.7.7-5.fc27.x86_64
  authconfig 7.0.1-2.fc27.x86_64 -> 7.0.1-4.fc27.x86_64
  bash 4.4.12-6.fc27.x86_64 -> 4.4.12-9.fc27.x86_64
  bridge-utils 1.5-14.fc26.x86_64 -> 1.5-16.fc27.x86_64
  bubblewrap 0.1.8-1.fc27.x86_64 -> 0.1.8-3.fc27.x86_64
  bzip2 1.0.6-22.fc26.x86_64 -> 1.0.6-24.fc27.x86_64
  bzip2-libs 1.0.6-22.fc26.x86_64 -> 1.0.6-24.fc27.x86_64
  checkpolicy 2.6-1.fc26.x86_64 -> 2.7-1.fc27.x86_64
  chkconfig 1.10-1.fc27.x86_64 -> 1.10-3.fc27.x86_64
  chrony 3.2-0.1.pre1.fc27.x86_64 -> 3.2-0.3.pre1.fc27.x86_64
  compat-openssl10 1:1.0.2j-6.fc26.x86_64 -> 1:1.0.2j-8.fc27.x86_64
  coreutils 8.27-13.fc27.x86_64 -> 8.27-14.fc27.x86_64
  coreutils-common 8.27-13.fc27.x86_64 -> 8.27-14.fc27.x86_64
  cracklib 2.9.6-5.fc26.x86_64 -> 2.9.6-7.fc27.x86_64
  cracklib-dicts 2.9.6-5.fc26.x86_64 -> 2.9.6-7.fc27.x86_64
  criu 3.3-2.fc27.x86_64 -> 3.3-4.fc27.x86_64
  cryptsetup 1.7.5-1.fc27.x86_64 -> 1.7.5-3.fc27.x86_64
  cryptsetup-libs 1.7.5-1.fc27.x86_64 -> 1.7.5-3.fc27.x86_64
  curl 7.54.1-7.fc27.x86_64 -> 7.55.0-1.fc27.x86_64
  cyrus-sasl-lib 2.1.26-32.fc27.x86_64 -> 2.1.26-34.fc27.x86_64
  dbus-glib 0.108-2.fc26.x86_64 -> 0.108-4.fc27.x86_64
  device-mapper 1.02.142-3.fc27.x86_64 -> 1.02.142-4.fc27.x86_64
  device-mapper-event 1.02.142-3.fc27.x86_64 -> 1.02.142-4.fc27.x86_64
  device-mapper-event-libs 1.02.142-3.fc27.x86_64 -> 1.02.142-4.fc27.x86_64
  device-mapper-libs 1.02.142-3.fc27.x86_64 -> 1.02.142-4.fc27.x86_64
  device-mapper-persistent-data 0.7.0-0.4.rc6.fc27.x86_64 -> 0.7.0-0.6.rc6.fc27.x86_64
  diffutils 3.6-1.fc27.x86_64 -> 3.6-3.fc27.x86_64
  docker 2:1.13.1-22.git27e468e.fc27.x86_64 -> 2:1.13.1-25.gitb5e3294.fc27.x86_64
  docker-common 2:1.13.1-22.git27e468e.fc27.x86_64 -> 2:1.13.1-25.gitb5e3294.fc27.x86_64
  docker-rhel-push-plugin 2:1.13.1-22.git27e468e.fc27.x86_64 -> 2:1.13.1-25.gitb5e3294.fc27.x86_64
  dracut 045-18.git20170515.fc27.x86_64 -> 046-2.git20170811.fc27.x86_64
  dracut-config-generic 045-18.git20170515.fc27.x86_64 -> 046-2.git20170811.fc27.x86_64
  dracut-network 045-18.git20170515.fc27.x86_64 -> 046-2.git20170811.fc27.x86_64
  e2fsprogs 1.43.4-2.fc26.x86_64 -> 1.43.5-2.fc27.x86_64
  e2fsprogs-libs 1.43.4-2.fc26.x86_64 -> 1.43.5-2.fc27.x86_64
  efibootmgr 15-1.fc27.x86_64 -> 15-3.fc27.x86_64
  efivar-libs 31-1.fc27.x86_64 -> 31-3.fc27.x86_64
  emacs-filesystem 1:25.2-6.fc27.noarch -> 1:25.2-7.fc27.noarch
  fedora-logos 26.0.1-1.fc27.x86_64 -> 26.0.1-3.fc27.x86_64
  file 5.31-5.fc27.x86_64 -> 5.31-7.fc27.x86_64
  file-libs 5.31-5.fc27.x86_64 -> 5.31-7.fc27.x86_64
  filesystem 3.3-1.fc27.x86_64 -> 3.3-3.fc27.x86_64
  findutils 1:4.6.0-12.fc27.x86_64 -> 1:4.6.0-14.fc27.x86_64
  fipscheck 1.5.0-1.fc26.x86_64 -> 1.5.0-3.fc27.x86_64
  fipscheck-lib 1.5.0-1.fc26.x86_64 -> 1.5.0-3.fc27.x86_64
  freetype 2.8-3.fc27.x86_64 -> 2.8-5.fc27.x86_64
  fuse 2.9.7-7.fc27.x86_64 -> 2.9.7-9.fc27.x86_64
  fuse-common 3.1.0-7.fc27.x86_64 -> 3.1.1-9.fc27.x86_64
  fuse-libs 2.9.7-7.fc27.x86_64 -> 2.9.7-9.fc27.x86_64
  gawk 4.1.4-3.fc26.x86_64 -> 4.1.4-5.fc27.x86_64
  gc 7.6.0-4.fc27.x86_64 -> 7.6.0-7.fc27.x86_64
  gdbm 1.13-1.fc27.x86_64 -> 1.13-3.fc27.x86_64
  gettext 0.19.8.1-9.fc27.x86_64 -> 0.19.8.1-11.fc27.x86_64
  gettext-libs 0.19.8.1-9.fc27.x86_64 -> 0.19.8.1-11.fc27.x86_64
  glib-networking 2.50.0-2.fc26.x86_64 -> 2.50.0-4.fc27.x86_64
  glib2 2.53.4-4.fc27.x86_64 -> 2.53.5-1.fc27.x86_64
  gmp 1:6.1.2-4.fc27.x86_64 -> 1:6.1.2-6.fc27.x86_64
  gnupg 1.4.22-1.fc27.x86_64 -> 1.4.22-3.fc27.x86_64
  gnupg2 2.1.21-3.fc27.x86_64 -> 2.1.22-1.fc27.x86_64
  gnupg2-smime 2.1.21-3.fc27.x86_64 -> 2.1.22-1.fc27.x86_64
  gnutls 3.5.14-1.fc27.x86_64 -> 3.5.14-3.fc27.x86_64
  gobject-introspection 1.53.4-4.fc27.x86_64 -> 1.53.4-5.fc27.x86_64
  gpgme 1.9.0-1.fc27.x86_64 -> 1.9.0-5.fc27.x86_64
  grep 3.1-1.fc27.x86_64 -> 3.1-3.fc27.x86_64
  grub2 1:2.02-3.fc27.x86_64 -> 1:2.02-6.fc27.x86_64
  grub2-efi 1:2.02-3.fc27.x86_64 -> 1:2.02-6.fc27.x86_64
  grub2-tools 1:2.02-3.fc27.x86_64 -> 1:2.02-6.fc27.x86_64
  grubby 8.40-4.fc26.x86_64 -> 8.40-6.fc27.x86_64
  gsettings-desktop-schemas 3.24.0-1.fc27.x86_64 -> 3.24.0-3.fc27.x86_64
  guile 5:2.0.14-1.fc26.x86_64 -> 5:2.0.14-3.fc27.x86_64
  gzip 1.8-2.fc26.x86_64 -> 1.8-4.fc27.x86_64
  hardlink 1:1.3-1.fc27.x86_64 -> 1:1.3-3.fc27.x86_64
  hostname 3.18-2.fc26.x86_64 -> 3.18-4.fc27.x86_64
  info 6.4-3.fc27.x86_64 -> 6.4-5.fc27.x86_64
  initscripts 9.72-1.fc27.x86_64 -> 9.76-1.fc27.1.x86_64
  ipcalc 0.2.0-1.fc27.x86_64 -> 0.2.0-3.fc27.x86_64
  iproute 4.12.0-1.fc27.x86_64 -> 4.12.0-3.fc27.x86_64
  iproute-tc 4.12.0-1.fc27.x86_64 -> 4.12.0-3.fc27.x86_64
  iptables 1.6.1-2.fc26.x86_64 -> 1.6.1-4.fc27.x86_64
  iptables-libs 1.6.1-2.fc26.x86_64 -> 1.6.1-4.fc27.x86_64
  iptables-services 1.6.1-2.fc26.x86_64 -> 1.6.1-4.fc27.x86_64
  iputils 20161105-6.fc27.x86_64 -> 20161105-7.fc27.x86_64
  iscsi-initiator-utils 6.2.0.874-4.git86e8892.fc27.x86_64 -> 6.2.0.874-6.git86e8892.fc27.x86_64
  iscsi-initiator-utils-iscsiuio 6.2.0.874-4.git86e8892.fc27.x86_64 -> 6.2.0.874-6.git86e8892.fc27.x86_64
  isns-utils-libs 0.97-3.fc27.x86_64 -> 0.97-5.fc27.x86_64
  jansson 2.10-2.fc27.x86_64 -> 2.10-4.fc27.x86_64
  json-glib 1.3.2-1.fc27.x86_64 -> 1.3.2-3.fc27.x86_64
  kbd 2.0.4-2.fc26.x86_64 -> 2.0.4-4.fc27.x86_64
  kbd-legacy 2.0.4-2.fc26.noarch -> 2.0.4-4.fc27.noarch
  kbd-misc 2.0.4-2.fc26.noarch -> 2.0.4-4.fc27.noarch
  kernel 4.13.0-0.rc3.git4.1.fc27.x86_64 -> 4.13.0-0.rc4.git4.1.fc27.x86_64
  kernel-core 4.13.0-0.rc3.git4.1.fc27.x86_64 -> 4.13.0-0.rc4.git4.1.fc27.x86_64
  kernel-modules 4.13.0-0.rc3.git4.1.fc27.x86_64 -> 4.13.0-0.rc4.git4.1.fc27.x86_64
  keyutils 1.5.10-1.fc27.x86_64 -> 1.5.10-3.fc27.x86_64
  keyutils-libs 1.5.10-1.fc27.x86_64 -> 1.5.10-3.fc27.x86_64
  kmod 24-1.fc26.x86_64 -> 24-3.fc27.x86_64
  kmod-libs 24-1.fc26.x86_64 -> 24-3.fc27.x86_64
  krb5-libs 1.15.1-20.fc27.x86_64 -> 1.15.1-21.fc27.x86_64
  less 487-3.fc27.x86_64 -> 487-5.fc27.x86_64
  libacl 2.2.52-16.fc27.x86_64 -> 2.2.52-18.fc27.x86_64
  libaio 0.3.110-7.fc26.x86_64 -> 0.3.110-9.fc27.x86_64
  libarchive 3.3.1-1.fc27.x86_64 -> 3.3.1-3.fc27.x86_64
  libassuan 2.4.3-2.fc26.x86_64 -> 2.4.3-6.fc27.x86_64
  libatomic_ops 7.4.6-1.fc27.x86_64 -> 7.4.6-3.fc27.x86_64
  libattr 2.4.47-19.fc27.x86_64 -> 2.4.47-21.fc27.x86_64
  libbasicobjects 0.1.1-30.fc26.x86_64 -> 0.1.1-33.fc27.x86_64
  libcap 2.25-5.fc26.x86_64 -> 2.25-7.fc27.x86_64
  libcap-ng 0.7.8-3.fc26.x86_64 -> 0.7.8-5.fc27.x86_64
  libcgroup 0.41-11.fc26.x86_64 -> 0.41-13.fc27.x86_64
  libcollection 0.7.0-30.fc26.x86_64 -> 0.7.0-33.fc27.x86_64
  libcom_err 1.43.4-2.fc26.x86_64 -> 1.43.5-2.fc27.x86_64
  libcroco 0.6.12-1.fc27.x86_64 -> 0.6.12-3.fc27.x86_64
  libcurl 7.54.1-7.fc27.x86_64 -> 7.55.0-1.fc27.x86_64
  libdaemon 0.14-11.fc26.x86_64 -> 0.14-13.fc27.x86_64
  libdb 5.3.28-24.fc27.x86_64 -> 5.3.28-26.fc27.x86_64
  libdb-utils 5.3.28-24.fc27.x86_64 -> 5.3.28-26.fc27.x86_64
  libedit 3.1-18.20170329cvs.fc27.x86_64 -> 3.1-20.20170329cvs.fc27.x86_64
  libev 4.24-2.fc26.x86_64 -> 4.24-4.fc27.x86_64
  libevent 2.0.22-3.fc27.x86_64 -> 2.0.22-6.fc27.x86_64
  libffi 3.1-12.fc27.x86_64 -> 3.1-14.fc27.x86_64
  libgcc 7.1.1-6.fc27.x86_64 -> 7.1.1-7.fc27.1.x86_64
  libgcrypt 1.7.8-1.fc27.x86_64 -> 1.7.8-3.fc27.x86_64
  libgomp 7.1.1-6.fc27.x86_64 -> 7.1.1-7.fc27.1.x86_64
  libgpg-error 1.27-1.fc27.x86_64 -> 1.27-3.fc27.x86_64
  libidn 1.33-2.fc26.x86_64 -> 1.33-4.fc27.x86_64
  libini_config 1.3.0-30.fc26.x86_64 -> 1.3.0-33.fc27.x86_64
  libksba 1.3.5-3.fc26.x86_64 -> 1.3.5-5.fc27.x86_64
  libmetalink 0.1.3-2.fc26.x86_64 -> 0.1.3-4.fc27.x86_64
  libmnl 1.0.4-2.fc26.x86_64 -> 1.0.4-4.fc27.x86_64
  libmodman 2.0.1-14.fc27.x86_64 -> 2.0.1-16.fc27.x86_64
  libndp 1.6-2.fc26.x86_64 -> 1.6-4.fc27.x86_64
  libnet 1.1.6-12.fc26.x86_64 -> 1.1.6-14.fc27.x86_64
  libnetfilter_conntrack 1.0.6-2.fc26.x86_64 -> 1.0.6-4.fc27.x86_64
  libnfnetlink 1.0.1-9.fc26.x86_64 -> 1.0.1-11.fc27.x86_64
  libnfsidmap 0.27-1.fc26.x86_64 -> 0.27-3.fc27.x86_64
  libnghttp2 1.24.0-3.fc27.x86_64 -> 1.24.0-4.fc27.x86_64
  libnl3 3.3.0-1.fc27.x86_64 -> 3.3.0-3.fc27.x86_64
  libnl3-cli 3.3.0-1.fc27.x86_64 -> 3.3.0-3.fc27.x86_64
  libpath_utils 0.2.1-30.fc26.x86_64 -> 0.2.1-33.fc27.x86_64
  libpcap 14:1.8.1-4.fc27.x86_64 -> 14:1.8.1-6.fc27.x86_64
  libproxy 0.4.15-2.fc27.x86_64 -> 0.4.15-4.fc27.x86_64
  libpsl 0.17.0-2.fc26.x86_64 -> 0.18.0-1.fc27.x86_64
  libpwquality 1.4.0-1.fc27.x86_64 -> 1.4.0-3.fc27.x86_64
  libref_array 0.1.5-30.fc26.x86_64 -> 0.1.5-33.fc27.x86_64
  libreport-filesystem 2.9.1-2.fc27.x86_64 -> 2.9.1-4.fc27.x86_64
  libseccomp 2.3.2-3.fc27.x86_64 -> 2.3.2-5.fc27.x86_64
  libsecret 0.18.5-3.fc26.x86_64 -> 0.18.5-5.fc27.x86_64
  libselinux 2.6-9.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libselinux-python 2.6-9.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libselinux-python3 2.6-9.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libselinux-utils 2.6-9.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libsemanage 2.6-4.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libsemanage-python 2.6-4.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libsemanage-python3 2.6-4.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libsepol 2.6-4.fc27.x86_64 -> 2.7-1.fc27.x86_64
  libsigsegv 2.11-1.fc26.x86_64 -> 2.11-3.fc27.x86_64
  libsolv 0.6.28-5.fc27.x86_64 -> 0.6.28-8.fc27.x86_64
  libss 1.43.4-2.fc26.x86_64 -> 1.43.5-2.fc27.x86_64
  libssh2 1.8.0-2.fc26.x86_64 -> 1.8.0-4.fc27.x86_64
  libstdc++ 7.1.1-6.fc27.x86_64 -> 7.1.1-7.fc27.1.x86_64
  libtasn1 4.12-1.fc27.x86_64 -> 4.12-3.fc27.x86_64
  libteam 1.27-1.fc27.x86_64 -> 1.27-3.fc27.x86_64
  libtool-ltdl 2.4.6-18.fc27.x86_64 -> 2.4.6-20.fc27.x86_64
  libunistring 0.9.7-1.fc26.x86_64 -> 0.9.7-3.fc27.x86_64
  libunwind 1.2-1.fc27.x86_64 -> 1.2-3.fc27.x86_64
  libusb 1:0.1.5-8.fc26.x86_64 -> 1:0.1.5-10.fc27.x86_64
  libusbx 1.0.21-2.fc26.x86_64 -> 1.0.21-4.fc27.x86_64
  libuser 0.62-7.fc27.x86_64 -> 0.62-9.fc27.x86_64
  libutempter 1.1.6-9.fc26.x86_64 -> 1.1.6-11.fc27.x86_64
  libverto 0.2.6-10.fc27.x86_64 -> 0.2.6-11.fc27.x86_64
  libverto-libev 0.2.6-10.fc27.x86_64 -> 0.2.6-11.fc27.x86_64
  libxkbcommon 0.7.1-3.fc27.x86_64 -> 0.7.1-5.fc27.x86_64
  libxml2 2.9.4-2.fc26.x86_64 -> 2.9.4-4.fc27.x86_64
  libyaml 0.1.7-2.fc26.x86_64 -> 0.1.7-4.fc27.x86_64
  linux-atm-libs 2.5.1-17.fc27.x86_64 -> 2.5.1-19.fc27.x86_64
  lsof 4.89-5.fc26.x86_64 -> 4.89-7.fc27.x86_64
  lua-libs 5.3.4-3.fc27.x86_64 -> 5.3.4-5.fc27.x86_64
  lvm2 2.02.173-3.fc27.x86_64 -> 2.02.173-4.fc27.x86_64
  lvm2-libs 2.02.173-3.fc27.x86_64 -> 2.02.173-4.fc27.x86_64
  lz4-libs 1.7.5-4.fc27.x86_64 -> 1.7.5-6.fc27.x86_64
  lzo 2.08-9.fc26.x86_64 -> 2.08-11.fc27.x86_64
  make 1:4.2.1-2.fc26.x86_64 -> 1:4.2.1-4.fc27.x86_64
  mdadm 4.0-3.fc27.x86_64 -> 4.0-5.fc27.x86_64
  mokutil 1:0.3.0-5.fc27.x86_64 -> 1:0.3.0-7.fc27.x86_64
  mozjs17 17.0.0-19.fc27.x86_64 -> 17.0.0-21.fc27.x86_64
  mpfr 3.1.5-3.fc27.x86_64 -> 3.1.5-5.fc27.x86_64
  ncurses 6.0-12.20170722.fc27.x86_64 -> 6.0-13.20170722.fc27.x86_64
  ncurses-base 6.0-12.20170722.fc27.noarch -> 6.0-13.20170722.fc27.noarch
  ncurses-libs 6.0-12.20170722.fc27.x86_64 -> 6.0-13.20170722.fc27.x86_64
  net-tools 2.0-0.42.20160912git.fc26.x86_64 -> 2.0-0.44.20160912git.fc27.x86_64
  nettle 3.3-2.fc26.x86_64 -> 3.3-5.fc27.x86_64
  npth 1.5-1.fc27.x86_64 -> 1.5-3.fc27.x86_64
  nss 3.31.0-4.fc27.x86_64 -> 3.32.0-2.fc27.x86_64
  nss-altfiles 2.18.1-8.fc26.x86_64 -> 2.18.1-10.fc27.x86_64
  nss-pem 1.0.3-3.fc27.x86_64 -> 1.0.3-5.fc27.x86_64
  nss-softokn 3.31.0-2.fc27.x86_64 -> 3.32.0-3.fc27.x86_64
  nss-softokn-freebl 3.31.0-2.fc27.x86_64 -> 3.32.0-3.fc27.x86_64
  nss-sysinit 3.31.0-4.fc27.x86_64 -> 3.32.0-2.fc27.x86_64
  nss-tools 3.31.0-4.fc27.x86_64 -> 3.32.0-2.fc27.x86_64
  nss-util 3.31.0-2.fc27.x86_64 -> 3.32.0-2.fc27.x86_64
  oci-register-machine 0-3.10.gitcbf1b8f.fc27.x86_64 -> 0-5.10.gitcbf1b8f.fc27.x86_64
  oci-systemd-hook 1:0.1.10-1.gitfbf3b42.fc27.x86_64 -> 1:0.1.12-1.git1e84754.fc27.x86_64
  oci-umount 2:1.13.1-22.git27e468e.fc27.x86_64 -> 2:1.13.1-25.gitb5e3294.fc27.x86_64
  oddjob 0.34.4-1.fc26.x86_64 -> 0.34.4-3.fc27.x86_64
  oddjob-mkhomedir 0.34.4-1.fc26.x86_64 -> 0.34.4-3.fc27.x86_64
  openldap 2.4.45-1.fc27.x86_64 -> 2.4.45-3.fc27.x86_64
  openssl 1:1.1.0f-7.fc27.x86_64 -> 1:1.1.0f-9.fc27.x86_64
  openssl-libs 1:1.1.0f-7.fc27.x86_64 -> 1:1.1.0f-9.fc27.x86_64
  os-prober 1.74-1.fc27.x86_64 -> 1.74-3.fc27.x86_64
  ostree 2017.9-3.fc27.x86_64 -> 2017.9-4.fc27.x86_64
  ostree-grub2 2017.9-3.fc27.x86_64 -> 2017.9-4.fc27.x86_64
  ostree-libs 2017.9-3.fc27.x86_64 -> 2017.9-4.fc27.x86_64
  p11-kit 0.23.7-1.fc27.x86_64 -> 0.23.7-3.fc27.x86_64
  p11-kit-trust 0.23.7-1.fc27.x86_64 -> 0.23.7-3.fc27.x86_64
  pam 1.3.0-3.fc27.x86_64 -> 1.3.0-5.fc27.x86_64
  passwd 0.79-10.fc27.x86_64 -> 0.79-12.fc27.x86_64
  pcre 8.41-1.fc27.x86_64 -> 8.41-1.fc27.2.x86_64
  policycoreutils 2.6-8.fc27.x86_64 -> 2.7-1.fc27.x86_64
  policycoreutils-python 2.6-8.fc27.x86_64 -> 2.7-1.fc27.x86_64
  policycoreutils-python-utils 2.6-8.fc27.x86_64 -> 2.7-1.fc27.x86_64
  policycoreutils-python3 2.6-8.fc27.x86_64 -> 2.7-1.fc27.x86_64
  polkit 0.113-13.fc27.x86_64 -> 0.113-15.fc27.x86_64
  polkit-libs 0.113-13.fc27.x86_64 -> 0.113-15.fc27.x86_64
  polkit-pkla-compat 0.1-8.fc26.x86_64 -> 0.1-10.fc27.x86_64
  popt 1.16-10.fc27.x86_64 -> 1.16-11.fc27.x86_64
  procps-ng 3.3.10-13.fc26.x86_64 -> 3.3.10-15.fc27.x86_64
  protobuf-c 1.2.1-5.fc27.x86_64 -> 1.2.1-7.fc27.x86_64
  psmisc 23.1-1.fc27.x86_64 -> 23.1-2.fc27.x86_64
  publicsuffix-list-dafsa 20170424-2.fc27.noarch -> 20170809-1.fc27.noarch
  python-backports 1.0-9.fc26.x86_64 -> 1.0-11.fc27.x86_64
  python-rhsm-certificates 1.20.1-2.fc27.x86_64 -> 1.20.1-3.fc27.x86_64
  python2-cffi 1.10.0-1.fc27.x86_64 -> 1.10.0-3.fc27.x86_64
  python2-setuptools 36.2.0-2.fc27.noarch -> 36.2.0-3.fc27.noarch
  python2-urllib3 1.21.1-1.fc27.noarch -> 1.22-2.fc27.noarch
  python3 3.6.2-5.fc27.x86_64 -> 3.6.2-7.fc27.x86_64
  python3-PyYAML 3.12-3.fc26.x86_64 -> 3.12-5.fc27.x86_64
  python3-cffi 1.10.0-1.fc27.x86_64 -> 1.10.0-3.fc27.x86_64
  python3-dbus 1.2.4-6.fc26.x86_64 -> 1.2.4-8.fc27.x86_64
  python3-gobject-base 3.24.1-1.fc27.x86_64 -> 3.24.1-3.fc27.x86_64
  python3-libs 3.6.2-5.fc27.x86_64 -> 3.6.2-7.fc27.x86_64
  python3-libxml2 2.9.4-2.fc26.x86_64 -> 2.9.4-4.fc27.x86_64
  python3-markupsafe 0.23-15.fc27.x86_64 -> 0.23-16.fc27.x86_64
  python3-rpm 4.13.0.1-41.fc27.x86_64 -> 4.13.90-0.git14002.2.fc27.x86_64
  python3-setuptools 36.2.0-2.fc27.noarch -> 36.2.0-3.fc27.noarch
  python3-urllib3 1.21.1-1.fc27.noarch -> 1.22-2.fc27.noarch
  qrencode-libs 3.4.4-1.fc27.x86_64 -> 3.4.4-3.fc27.x86_64
  readline 7.0-5.fc26.x86_64 -> 7.0-7.fc27.x86_64
  rpcbind 0.2.4-7.rc2.fc27.x86_64 -> 0.2.4-7.rc2.fc27.2.x86_64
  rpm 4.13.0.1-41.fc27.x86_64 -> 4.13.90-0.git14002.2.fc27.x86_64
  rpm-build-libs 4.13.0.1-41.fc27.x86_64 -> 4.13.90-0.git14002.2.fc27.x86_64
  rpm-libs 4.13.0.1-41.fc27.x86_64 -> 4.13.90-0.git14002.2.fc27.x86_64
  rpm-ostree 2017.7-3.fc27.x86_64 -> 2017.7-7.fc27.x86_64
  rpm-ostree-libs 2017.7-3.fc27.x86_64 -> 2017.7-7.fc27.x86_64
  rpm-plugin-selinux 4.13.0.1-41.fc27.x86_64 -> 4.13.90-0.git14002.2.fc27.x86_64
  rsync 3.1.2-5.fc27.x86_64 -> 3.1.2-7.fc27.x86_64
  runc 1:1.0.1-1.gitc5ec254.fc27.x86_64 -> 1:1.0.1-3.gitc5ec254.fc27.x86_64
  screen 4.6.1-1.fc27.x86_64 -> 4.6.1-3.fc27.x86_64
  sed 4.4-1.fc26.x86_64 -> 4.4-3.fc27.x86_64
  selinux-policy 3.13.1-266.fc27.noarch -> 3.13.1-270.fc27.noarch
  selinux-policy-targeted 3.13.1-266.fc27.noarch -> 3.13.1-270.fc27.noarch
  setools-console 4.1.0-3.fc27.x86_64 -> 4.1.1-2.fc27.x86_64
  setools-python 4.1.0-3.fc27.x86_64 -> 4.1.1-2.fc27.x86_64
  setools-python3 4.1.0-3.fc27.x86_64 -> 4.1.1-2.fc27.x86_64
  shadow-utils 2:4.5-1.fc27.x86_64 -> 2:4.5-3.fc27.x86_64
  shared-mime-info 1.8-3.fc27.x86_64 -> 1.8-5.fc27.x86_64
  skopeo 0.1.23-4.git1bbd87f.fc27.x86_64 -> 0.1.23-5.git1bbd87f.fc27.x86_64
  skopeo-containers 0.1.23-4.git1bbd87f.fc27.x86_64 -> 0.1.23-5.git1bbd87f.fc27.x86_64
  sudo 1.8.20p2-1.fc27.x86_64 -> 1.8.20p2-3.fc27.x86_64
  system-python 3.6.2-5.fc27.x86_64 -> 3.6.2-7.fc27.x86_64
  system-python-libs 3.6.2-5.fc27.x86_64 -> 3.6.2-7.fc27.x86_64
  tar 2:1.29-5.fc27.x86_64 -> 2:1.29-7.fc27.x86_64
  tcp_wrappers 7.6-85.fc26.x86_64 -> 7.6-87.fc27.x86_64
  tcp_wrappers-libs 7.6-85.fc26.x86_64 -> 7.6-87.fc27.x86_64
  teamd 1.27-1.fc27.x86_64 -> 1.27-3.fc27.x86_64
  timedatex 0.4-3.fc26.x86_64 -> 0.4-5.fc27.x86_64
  trousers 0.3.13-7.fc26.x86_64 -> 0.3.13-9.fc27.x86_64
  trousers-lib 0.3.13-7.fc26.x86_64 -> 0.3.13-9.fc27.x86_64
  vim-minimal 2:8.0.823-1.fc27.x86_64 -> 2:8.0.885-1.fc27.x86_64
  which 2.21-2.fc26.x86_64 -> 2.21-4.fc27.x86_64
  xfsprogs 4.12.0-3.fc27.x86_64 -> 4.12.0-4.fc27.x86_64
  xz 5.2.3-2.fc26.x86_64 -> 5.2.3-4.fc27.x86_64
  xz-libs 5.2.3-2.fc26.x86_64 -> 5.2.3-4.fc27.x86_64
  yajl 2.1.0-6.fc26.x86_64 -> 2.1.0-8.fc27.x86_64
  zlib 1.2.11-2.fc26.x86_64 -> 1.2.11-4.fc27.x86_64
Removed:
  ustr-1.0.4-22.fc26.x86_64

Comment 1 Jonathan Lebon 2017-08-14 19:04:07 UTC
Looks like there are multiple SELinux violations happening. Of those relevant to the systemd journal:

# dmesg
...
[  254.445137] systemd-journald[1217]: Failed to map sequential number file, ignoring: Permission denied
[  254.447331] systemd-journald[1217]: Failed to open runtime journal: Permission denied

# grep 'avc.*denied.*systemd' /var/log/audit/audit.log
...
type=AVC msg=audit(1502736524.389:244): avc:  denied  { create } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=netlink_audit_socket permissive=0
type=AVC msg=audit(1502736524.426:245): avc:  denied  { map } for  pid=1217 comm="systemd-journal" path="/run/systemd/journal/kernel-seqnum" dev="tmpfs" ino=12758 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502736524.429:246): avc:  denied  { map } for  pid=1217 comm="systemd-journal" path="/run/log/journal/a2e532e83b9c4a7aa10ff02b78f71424/system.journal" dev="tmpfs" ino=12764 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502736524.442:250): avc:  denied  { create } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=netlink_audit_socket permissive=0
...
type=AVC msg=audit(1502736524.553:270): avc:  denied  { map } for  pid=1221 comm="systemd-journal" path="/run/log/journal/a2e532e83b9c4a7aa10ff02b78f71424/system.journal" dev="tmpfs" ino=12764 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=0
...

Temporarily setting permissive mode shows the journal starting:

[root@f27-journal journal]# setenforce 0
[root@f27-journal journal]# systemctl start systemd-journald
[root@f27-journal journal]# systemctl status systemd-journald
● systemd-journald.service - Journal Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static; vendor preset: disabled)
   Active: active (running) since Mon 2017-08-14 18:53:41 UTC; 7min ago
     Docs: man:systemd-journald.service(8)
           man:journald.conf(5)
 Main PID: 1244 (systemd-journal)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-journald.service
           └─1244 /usr/lib/systemd/systemd-journald

Aug 14 18:53:41 f27-journal.localdomain systemd-journald[1244]: Journal started
Aug 14 18:53:41 f27-journal.localdomain systemd-journald[1244]: Runtime journal (/run/log/journal/a2e532e83b9c4a7aa10ff02b78f71424) is 8.0M, max 73.7M, 65.7M free.

Let's re-assign this to selinux-policy for now.
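
Added example, not part of the original bug thread: a small triage script that parses the AVC records quoted in Comment 1 and groups the denials by source type, target type, object class and permission, so the distinct policy gaps stand out from the repeats. The function names are hypothetical; the sample lines are copied from the audit.log excerpt in Comment 1.

```python
import re
from collections import defaultdict

# AVC records copied from the audit.log excerpt in Comment 1 on this page.
SAMPLE_AUDIT_LOG = r'''
type=AVC msg=audit(1502736524.389:244): avc:  denied  { create } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=netlink_audit_socket permissive=0
type=AVC msg=audit(1502736524.426:245): avc:  denied  { map } for  pid=1217 comm="systemd-journal" path="/run/systemd/journal/kernel-seqnum" dev="tmpfs" ino=12758 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502736524.429:246): avc:  denied  { map } for  pid=1217 comm="systemd-journal" path="/run/log/journal/a2e532e83b9c4a7aa10ff02b78f71424/system.journal" dev="tmpfs" ino=12764 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502736524.442:250): avc:  denied  { create } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=netlink_audit_socket permissive=0
type=AVC msg=audit(1502736524.553:270): avc:  denied  { map } for  pid=1221 comm="systemd-journal" path="/run/log/journal/a2e532e83b9c4a7aa10ff02b78f71424/system.journal" dev="tmpfs" ino=12764 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context.

    The level may itself contain ':' (MLS/MCS ranges), so split at most 3 times.
    """
    parts = context.split(":", 3)
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one audit.log line into a dict, or return None if it is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": tuple(m.group("perms").split()),
        "source": selinux_type(fields.get("scontext", "")),
        "target": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", ""),
        "comm": fields.get("comm", ""),
        "path": fields.get("path"),
        # permissive=0 means the denial was actually enforced, not just logged.
        "enforced": fields.get("permissive") == "0",
    }


def summarize_denials(log_text):
    """Group denials by (source type, target type, class, permission)."""
    groups = defaultdict(
        lambda: {"count": 0, "comms": set(), "paths": set(), "enforced": False}
    )
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        for perm in rec["perms"]:
            g = groups[(rec["source"], rec["target"], rec["tclass"], perm)]
            g["count"] += 1
            g["comms"].add(rec["comm"])
            if rec["path"]:
                g["paths"].add(rec["path"])
            g["enforced"] = g["enforced"] or rec["enforced"]
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls, perm), g in sorted(summarize_denials(SAMPLE_AUDIT_LOG).items()):
        mode = "enforced" if g["enforced"] else "permissive"
        print(f"{g['count']}x {src} -> {tgt}:{cls} {{ {perm} }} [{mode}] comm={sorted(g['comms'])}")
        for p in sorted(g["paths"]):
            print(f"    {p}")
```

On the excerpt above, the five records collapse into two groups: `init_t` creating a `netlink_audit_socket` labelled `syslogd_t`, and `syslogd_t` mapping `syslogd_var_run_t` files under /run.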

Comment 2 Jan Kurik 2017-08-15 08:56:21 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.

Comment 3 Dusty Mabe 2017-08-23 14:58:24 UTC
I assume POST means this: https://fedoraproject.org/wiki/BugZappers/BugStatusWorkFlow#POST

Can we get a link to an upstream pull request or associated patch?

Comment 4 Dusty Mabe 2017-08-23 15:13:23 UTC
koji build with fix in rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=21421917 

selinux-policy-3.13.1-274.fc28

Comment 5 Dusty Mabe 2017-08-23 15:26:56 UTC
and this koji build in f27: https://koji.fedoraproject.org/koji/taskinfo?taskID=21422240

selinux-policy-3.13.1-274.fc27

Comment 6 Dusty Mabe 2017-09-25 19:07:15 UTC
seems to be fixed now

