Description of problem:
ARM and AArch64 disk images have the /etc/machine-id stripped after image creation to ensure each machine has a unique id. On first boot this gets recreated by systemd-machine-id-commit, but the SELinux context is incorrect and there is a denial:

Oct 10 12:56:40 localhost.localdomain systemd[1]: Installed transient /etc/machine-id file.
Oct 10 12:56:34 localhost.localdomain audit[1]: AVC avc: denied { mounton } for pid=1 comm="systemd" path="/etc/machine-id" dev="mmcblk0p3" ino=7753 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1

Version-Release number of selected component (if applicable):
selinux-policy-3.14.5-12.fc32

How reproducible:
Every time, after relabel system boots as expected.

Actual results:
ls -l -Z /etc/machine-id
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 33 Oct 10 12:56 /etc/machine-id

Expected results:
ls -l -Z /etc/machine-id
-rw-r--r--. 1 root root system_u:object_r:machineid_t:s0 33 Oct 10 12:56 /etc/machine-id

The issue turned out to be different, closing DUPLICATE of bz 1754471 where the picture is more complete.

*** This bug has been marked as a duplicate of bug 1754471 ***
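
Added example, not part of the bug report or of selinux-policy: a small Python parser that decodes the AVC record quoted in the report and flags denials whose target file carries a different type than the one listed under "Expected results". The function names and the EXPECTED_TYPES map are assumptions made for illustration, and the sample log is constructed from the two log lines in the report.

```python
import re

# Constructed sample: the two journal lines quoted in the report.
SAMPLE_LOG = """\
Oct 10 12:56:40 localhost.localdomain systemd[1]: Installed transient /etc/machine-id file.
Oct 10 12:56:34 localhost.localdomain audit[1]: AVC avc: denied { mounton } for pid=1 comm="systemd" path="/etc/machine-id" dev="mmcblk0p3" ino=7753 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
"""

# Assumption: expected type per path, copied from the report's "Expected results".
# On a live system the loaded policy's file contexts are the authority.
EXPECTED_TYPES = {"/etc/machine-id": "machineid_t"}

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing an AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    # Contexts are user:role:type:level; the level may contain ':' itself.
    for key in ("scontext", "tcontext"):
        if key in rec:
            rec[key + "_type"] = rec[key].split(":", 3)[2]
    rec["permissive"] = rec.get("permissive") == "1"
    return rec


def mislabeled_denials(log_text, expected=EXPECTED_TYPES):
    """Return findings for denials whose target has an unexpected type."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied":
            continue
        want = expected.get(rec.get("path"))
        if want and rec.get("tcontext_type") != want:
            findings.append({
                "path": rec["path"], "perms": rec["perms"],
                "source_type": rec.get("scontext_type"),
                "actual_type": rec["tcontext_type"], "expected_type": want,
                # permissive=1 means the access was logged but not blocked
                "enforced": not rec["permissive"],
            })
    return findings


if __name__ == "__main__":
    for finding in mislabeled_denials(SAMPLE_LOG):
        print(finding)
```

The finding reports only what the record and the expected label say; it does not identify why the file was created with that label.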