Booting into a Fedora Rawhide Atomic Host, the following SELinux denial is observed in the journal:

Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain audit[886]: AVC avc: denied { remount } for pid=886 comm="(ostnamed)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0

This doesn't seem to affect the operation of the host, but just reporting it here.

$ rpm-ostree status
State: idle; auto updates disabled
Deployments:
● ostree://rawhide:fedora/rawhide/x86_64/atomic-host
    Version: Rawhide.20180311.n.1 (2018-03-11 22:20:53)
    Commit: b6d9fe6f817044bcaac2cbdbd52e3cdd7df02b718ceeeba1652ca1e0528db804

$ rpm -q selinux-policy systemd
selinux-policy-3.14.2-4.fc29.noarch
systemd-238-3.fc29.x86_64

$ sudo journalctl -b | grep -C 10 'avc: denied'
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Started Initial cloud-init job (pre-networking).
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=cloud-init-local comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Reached target Network (Pre).
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Starting Network Manager...
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Starting Initial cloud-init job (metadata service crawler)...
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain NetworkManager[869]: <info> [1521034314.4439] NetworkManager (version 1.10.2-1.fc28) is starting... (for the first time)
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain NetworkManager[869]: <info> [1521034314.4453] Read config: /etc/NetworkManager/NetworkManager.conf
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain NetworkManager[869]: <info> [1521034314.4644] manager[0x555f26bc4080]: monitoring kernel firmware directory '/lib/firmware'.
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain dbus-daemon[815]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.3' (uid=0 pid=869 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Starting Hostname Service...
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain audit[886]: AVC avc: denied { remount } for pid=886 comm="(ostnamed)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain audit[886]: SYSCALL arch=c000003e syscall=165 success=no exit=-13 a0=0 a1=564dd6eacf50 a2=0 a3=102f items=0 ppid=1 pid=886 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(ostnamed)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain audit: PROCTITLE proctitle="(ostnamed)"
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain dbus-daemon[815]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Started Hostname Service.
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain NetworkManager[869]: <info> [1521034314.5604] hostname: hostname: using hostnamed
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain NetworkManager[869]: <info> [1521034314.5605] hostname: hostname changed from (none) to "micah-f27ah-vm0314a.localdomain"
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain NetworkManager[869]: <info> [1521034314.5614] dns-mgr[0x555f26be3950]: init: dns=default, rc-manager=symlink
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain systemd[1]: Started Network Manager.
Mar 14 13:31:54 micah-f27ah-vm0314a.localdomain dbus-daemon[815]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.3' (uid=0 pid=869 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
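An added example, not part of the original report: a small Python parser that pulls the denial's fields out of journal lines like those above and pairs the AVC record with the SYSCALL record from the same pid. The function names and the trimmed sample lines are constructed for illustration; syscall 165 on arch c000003e (x86_64) is mount, and exit=-13 is EACCES.

```python
import errno
import re

# Constructed sample: the AVC and SYSCALL records from the report, hostname
# shortened and SYSCALL fields trimmed to the ones read below.
SAMPLE = (
    'Mar 14 13:31:54 host audit[886]: AVC avc: denied { remount } for pid=886 '
    'comm="(ostnamed)" scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0\n'
    'Mar 14 13:31:54 host audit[886]: SYSCALL arch=c000003e syscall=165 '
    'success=no exit=-13 ppid=1 pid=886 comm="(ostnamed)"\n'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Only the syscall number seen in the report; arch c000003e is x86_64.
X86_64_SYSCALLS = {165: "mount"}

def fields(text):
    """Split key=value audit fields, dropping quotes around values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}

def parse_denials(lines):
    """One dict per AVC denial, enriched from the next SYSCALL record of the same pid."""
    denials = []
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            f = fields(m.group(2))
            denials.append({
                "perms": m.group(1).split(),
                "pid": f.get("pid"),
                "comm": f.get("comm"),
                # Contexts are user:role:type:level; the type is what policy matches on.
                "source_type": f["scontext"].split(":")[2],
                "target_type": f["tcontext"].split(":")[2],
                "tclass": f.get("tclass"),
                "enforced": f.get("permissive") == "0",
                "syscall": None, "errno": None,
            })
        elif " SYSCALL " in line and denials and denials[-1]["syscall"] is None:
            f, d = fields(line), denials[-1]
            if f.get("pid") != d["pid"]:
                continue
            num, code = int(f["syscall"]), int(f["exit"])
            known = X86_64_SYSCALLS if f.get("arch") == "c000003e" else {}
            d["syscall"] = known.get(num, str(num))
            d["errno"] = errno.errorcode.get(-code) if code < 0 else None
    return denials
```

Calling `parse_denials(SAMPLE.splitlines())` yields a single record: `init_t` was denied `remount` on a `filesystem` object typed `unlabeled_t`, in enforcing mode, and the mount call failed with EACCES.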
This is also affecting f28.. going to move to f28 and propose as FE.
Proposed as a Freeze Exception for 28-beta by Fedora user dustymabe using the blocker tracking app because: Would be nice to get this denial cleaned up so our CI tests can start passing again for f28
Seeing this on aarch64 as well

----
time->Fri Mar 16 18:36:43 2018
type=AVC msg=audit(1521239803.932:125): avc: denied { remount } for pid=883 comm="(ostnamed)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0

soft failures in openqa: https://openqa.stg.fedoraproject.org/tests/254597#step/_console_avc_crash/8
We already had a bug for this. Transferring nomination.

*** This bug has been marked as a duplicate of bug 1554776 ***