Bug 1502164 - missing permissions for systemd-rfkill, systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 28
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-10-14 17:45 UTC by Ömer Fadıl Usta
Modified: 2018-03-18 00:53 UTC (History)

Fixed In Version: selinux-policy-3.14.1-14.fc28
Last Closed: 2018-03-18 00:53:25 UTC
Type: Bug

Description Ömer Fadıl Usta 2017-10-14 17:45:56 UTC
After installing the latest updates on rawhide, it starts to give me permission
errors.

systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied

Oct 14 20:13:50 sakura.omerusta systemd[1]: Starting Load/Save RF Kill Switch Status...
Oct 14 20:13:50 sakura.omerusta systemd[708]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 14 20:13:50 sakura.omerusta systemd[708]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Oct 14 20:13:50 sakura.omerusta systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Oct 14 20:13:57 sakura.omerusta kernel: audit: type=1130 audit(1508001237.962:86): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-pvscan@8:5 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 14 20:13:57 sakura.omerusta audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-pvscan@8:5 comm="systemd" exe="/usr/lib/systemd/systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 14 20:13:50 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.

Comment 1 Lukas Vrabec 2017-10-17 13:45:36 UTC
Could you try to reproduce it, then attach the output of:
# ausearch -m USER_AVC,AVC -ts today


Thanks,
Lukas.

Comment 2 Ömer Fadıl Usta 2017-10-17 17:17:50 UTC
Hello

The problem still exists, but it doesn't show in the output of the command you wanted. Those outputs are related to bug #1502168.

Output:

time->Tue Oct 17 19:55:33 2017
type=AVC msg=audit(1508259333.227:110): avc:  denied  { mounton } for  pid=883 comm="(uetoothd)" path="/var/lib/bluetooth" dev="dm-0" ino=791393 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:bluetooth_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Oct 17 19:55:33 2017
type=AVC msg=audit(1508259333.251:112): avc:  denied  { map } for  pid=883 comm="bluetoothd" path="/usr/libexec/bluetooth/bluetoothd" dev="dm-0" ino=788389 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:bluetooth_exec_t:s0 tclass=file permissive=0
----
time->Tue Oct 17 19:56:26 2017
type=AVC msg=audit(1508259386.138:251): avc:  denied  { mounton } for  pid=1958 comm="(uetoothd)" path="/var/lib/bluetooth" dev="dm-0" ino=791393 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:bluetooth_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Oct 17 19:56:26 2017
type=AVC msg=audit(1508259386.141:253): avc:  denied  { map } for  pid=1958 comm="bluetoothd" path="/usr/libexec/bluetooth/bluetoothd" dev="dm-0" ino=788389 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:bluetooth_exec_t:s0 tclass=file permissive=0
----
time->Tue Oct 17 19:57:09 2017
type=AVC msg=audit(1508259429.384:261): avc:  denied  { mounton } for  pid=2655 comm="(uetoothd)" path="/var/lib/bluetooth" dev="dm-0" ino=791393 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:bluetooth_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Oct 17 19:57:09 2017
type=AVC msg=audit(1508259429.389:263): avc:  denied  { map } for  pid=2655 comm="bluetoothd" path="/usr/libexec/bluetooth/bluetoothd" dev="dm-0" ino=788389 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:bluetooth_exec_t:s0 tclass=file permissive=0


But I am still having the same missing permission errors in journald:



Oct 17 19:55:19 sakura.omerusta systemd[1]: Starting Load/Save RF Kill Switch Status...
Oct 17 19:55:19 sakura.omerusta systemd[705]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[705]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Oct 17 19:55:30 sakura.omerusta kernel: kauditd_printk_skb: 3 callbacks suppressed
Oct 17 19:55:30 sakura.omerusta kernel: audit: type=1130 audit(1508259330.265:93): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup comm="systemd" exe=
Oct 17 19:55:30 sakura.omerusta audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setup comm="systemd" exe="/usr/lib/systemd/systemd" 
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Failed to start Load/Save RF Kill Switch Status.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Starting Load/Save RF Kill Switch Status...
Oct 17 19:55:19 sakura.omerusta systemd[708]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[708]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Failed to start Load/Save RF Kill Switch Status.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Starting Load/Save RF Kill Switch Status...
Oct 17 19:55:19 sakura.omerusta systemd[709]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[709]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Failed to start Load/Save RF Kill Switch Status.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Starting Load/Save RF Kill Switch Status...
Oct 17 19:55:19 sakura.omerusta systemd[710]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[710]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Failed to start Load/Save RF Kill Switch Status.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Starting Load/Save RF Kill Switch Status...
Oct 17 19:55:19 sakura.omerusta systemd[711]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[711]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Failed to start Load/Save RF Kill Switch Status.
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Start request repeated too quickly.
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Oct 17 19:55:19 sakura.omerusta systemd[1]: Failed to start Load/Save RF Kill Switch Status.
Oct 17 19:55:19 sakura.omerusta systemd[1]: systemd-rfkill.socket: Failed with result 'service-start-limit-hit'.

Comment 3 Paul Whalen 2018-01-15 19:05:20 UTC
Still seeing this in Rawhide on some arm hardware



type=AVC msg=audit(1516042920.764:236): avc:  denied  { create } for  pid=888 comm="(d-rfkill)" name="rfkill" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_rfkill_var_lib_t:s0 tclass=dir permissive=0
type=PATH msg=audit(1516042920.768:237): item=0 name="/run/systemd/units/invocation:systemd-rfkill.service" inode=23170 dev=00:15 mode=0120777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=AVC msg=audit(1516042920.768:237): avc:  denied  { read } for  pid=450 comm="systemd-journal" name="invocation:systemd-rfkill.service" dev="tmpfs" ino=23170 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=lnk_file permissive=0

Comment 4 Lukas Vrabec 2018-01-23 10:27:07 UTC
Should be fixed in Rawhide.

Comment 5 Paul Whalen 2018-02-01 21:06:22 UTC
still seeing this with selinux-policy-3.14.1-5.fc28.noarch

[root@trimslice ~]# systemctl status systemd-rfkill.service
● systemd-rfkill.service - Load/Save RF Kill Switch Status
   Loaded: loaded (/usr/lib/systemd/system/systemd-rfkill.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2018-02-01 16:03:54 EST; 37s ago
     Docs: man:systemd-rfkill.service(8)
  Process: 669 ExecStart=/usr/lib/systemd/systemd-rfkill (code=exited, status=238/STATE_DIRECTORY)
 Main PID: 669 (code=exited, status=238/STATE_DIRECTORY)

Feb 01 16:03:54 trimslice.friendly-neighbours.com systemd[1]: Starting Load/Save RF Kill Switch Status...
Feb 01 16:03:54 trimslice.friendly-neighbours.com systemd[669]: systemd-rfkill.service: Failed to set up special execution directory in /var/lib: Permission denied
Feb 01 16:03:54 trimslice.friendly-neighbours.com systemd[669]: systemd-rfkill.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-rfkill: Permission denied
Feb 01 16:03:54 trimslice.friendly-neighbours.com systemd[1]: systemd-rfkill.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Feb 01 16:03:54 trimslice.friendly-neighbours.com systemd[1]: systemd-rfkill.service: Failed with result 'exit-code'.
Feb 01 16:03:54 trimslice.friendly-neighbours.com systemd[1]: Failed to start Load/Save RF Kill Switch Status.
[root@trimslice ~]# ausearch -m USER_AVC,AVC -ts today
----
time->Thu Feb  1 15:42:28 2018
type=USER_AVC msg=audit(1517517748.440:183): pid=396 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=2)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Thu Feb  1 15:43:07 2018
type=USER_AVC msg=audit(1517517787.298:185): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Thu Feb  1 15:52:27 2018
type=AVC msg=audit(1517518347.837:225): avc:  denied  { create } for  pid=775 comm="(d-rfkill)" name="rfkill" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_rfkill_var_lib_t:s0 tclass=dir permissive=0
----
time->Thu Feb  1 16:03:54 2018
type=AVC msg=audit(1517519034.258:177): avc:  denied  { setattr } for  pid=669 comm="(d-rfkill)" name="rfkill" dev="sda3" ino=45856 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_rfkill_var_lib_t:s0 tclass=dir permissive=0
[root@trimslice ~]# rpm -q selinux-policy
selinux-policy-3.14.1-5.fc28.noarch
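
Added example (not part of the bug report or of selinux-policy): a small parser that groups the AVC denials quoted in comments 3 and 5 by source type, target type and class, so it is easy to see that the denied directory operations on "rfkill" come from a process still labelled init_t (comm "(d-rfkill)"). The function names are hypothetical, and the allow-rule rendering is only a reading aid, not the policy change shipped in the fixed selinux-policy build.

```python
import re
from collections import defaultdict

# AVC/USER_AVC records copied verbatim from comments 3 and 5 of this report.
SAMPLE = """\
type=AVC msg=audit(1517518347.837:225): avc:  denied  { create } for  pid=775 comm="(d-rfkill)" name="rfkill" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_rfkill_var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1517519034.258:177): avc:  denied  { setattr } for  pid=669 comm="(d-rfkill)" name="rfkill" dev="sda3" ino=45856 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_rfkill_var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1516042920.768:237): avc:  denied  { read } for  pid=450 comm="systemd-journal" name="invocation:systemd-rfkill.service" dev="tmpfs" ino=23170 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=lnk_file permissive=0
type=USER_AVC msg=audit(1517517787.298:185): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one 'avc: denied' record, or None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None  # e.g. USER_AVC policyload notices are not denials
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type:level; policy rules are written against the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def summarize(text):
    """Group denials by (source type, target type, class) -> sorted permissions."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}


def as_rules(summary):
    """Render each group in allow-rule syntax, for reading rather than loading."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]


if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```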

Comment 6 Fedora End Of Life 2018-02-20 15:26:21 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle.
Changing version to '28'.

Comment 7 Paul Whalen 2018-03-12 15:46:21 UTC
Still seeing this while testing Fedora-28-20180310.n.0, includes selinux-policy-3.14.1-11.fc28.noarch

Comment 8 Fedora Update System 2018-03-12 18:27:16 UTC
selinux-policy-3.14.1-13.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc

Comment 9 Fedora Update System 2018-03-13 15:10:24 UTC
selinux-policy-3.14.1-13.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc

Comment 10 Fedora Update System 2018-03-15 21:25:04 UTC
selinux-policy-3.14.1-14.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc

Comment 11 Fedora Update System 2018-03-16 14:42:55 UTC
selinux-policy-3.14.1-14.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc

Comment 12 Fedora Update System 2018-03-18 00:53:25 UTC
selinux-policy-3.14.1-14.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

