Using the 'testing' branch of Fedora 26 Atomic Host (26.138), our automated tests detected a large amount of AVC denials for 'systemd' after booting into the deployment. The version of 'selinux-policy' installed is selinux-policy-3.13.1-260.12.fc26.noarch # rpm-ostree status State: idle Deployments: ● fedora-atomic:fedora/26/x86_64/testing/atomic-host Version: 26.138 (2017-10-11 02:17:28) Commit: 61d4a5dfa72be08937546189ad3511d6b7c7addeddcad7b93a60c54430fff86e GPGSignature: Valid signature by E641850B77DF435378D1D7E2812A6B4B64DAB85D # journalctl -b | grep 'avc: denied' Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="console" dev="sysfs" ino=3170 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="autofs" dev="sysfs" ino=7152 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="id" dev="sysfs" ino=592 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:15 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[588]: AVC avc: denied { read } for pid=588 comm="systemd-getty-g" name="console" dev="sysfs" ino=3170 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:16 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:17 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="console" dev="sysfs" ino=3170 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:21 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:22 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:46 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:0" dev="sysfs" ino=11315 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="252:1" dev="sysfs" ino=11183 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0 Oct 11 03:10:59 jenkins-atomic-host-jobs-treecompose-improved-sanity-test-fedor audit[1]: AVC avc: denied { read } for pid=1 comm="systemd" name="253:1" dev="sysfs" ino=12900 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file permissive=0
this looks like https://bugzilla.redhat.com/show_bug.cgi?id=1499327, which was opened against rawhide last week. Hopefully the fix for that trickles into f26 as well.
*** Bug 1500766 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-260.13.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-88b6a06bce
selinux-policy-3.13.1-260.13.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-88b6a06bce
selinux-policy-3.13.1-260.13.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.