On Fedora Rawhide Atomic Host, we started to see the following denials in the journal: # journalctl -b | grep denied Sep 25 20:36:12 micah-f26ah-0925a.localdomain audit[638]: AVC avc: denied { dac_override } for pid=638 comm="systemd-tmpfile" capability=1 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=0 Sep 25 20:36:12 micah-f26ah-0925a.localdomain systemd-tmpfiles[638]: rm_rf(/run/rpcbind): Permission denied Sep 25 20:36:12 micah-f26ah-0925a.localdomain audit[638]: AVC avc: denied { dac_override } for pid=638 comm="systemd-tmpfile" capability=1 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=0 Sep 25 20:36:12 micah-f26ah-0925a.localdomain systemd-tmpfiles[638]: Failed to create directory or subvolume "/run/systemd/netif/links": Permission denied Sep 25 20:36:12 micah-f26ah-0925a.localdomain audit[638]: AVC avc: denied { dac_override } for pid=638 comm="systemd-tmpfile" capability=1 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=0 Sep 25 20:36:12 micah-f26ah-0925a.localdomain systemd-tmpfiles[638]: Failed to create directory or subvolume "/run/systemd/netif/leases": Permission denied # rpm-ostree status State: idle Deployments: ● custom:fedora/rawhide/x86_64/atomic-host Version: Rawhide.20170924.n.0 (2017-09-24 11:16:45) Commit: 6bb8843defda64d36f49cbe080b3a4de36cea2718d483284dcfdfbd40554e183 # rpm -q selinux-policy selinux-policy-3.13.1-288.fc28.noarch