systemd 256 ssh-generator looks vor virtualisation info in /proc/sysinfo on s390x hosts. The read operation is rejected and causes the service to fail. Here is the audit entry : ``` [ 8.111974] audit: type=1400 audit(1724677759.011:4): avc: denied { read } for pid=1358 comm="systemd-ssh-gen" name="sysinfo" dev="proc" ino=4026531945 scontext=system_u:system_r:systemd_ssh_generator_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=file permissive=0 ``` Reproducible: Always Steps to Reproduce: try to boot a s390x coreOS VM with systemd256 Actual Results: /usr/lib/systemd/system-generators/systemd-ssh-generator failed with exit status 1. Expected Results: everything start properly /proc/sysinfo seem to only exist on s390x architecture : https://github.com/coreos/fedora-coreos-tracker/issues/1786#issuecomment-2312756441 Relevant code in systemd : https://github.com/systemd/systemd/blob/9c0aee7cbbc82aa030ba9c78af1e7fd0ff520d27/src/ssh-generator/ssh-generator.c#L197 --> ... --> https://github.com/systemd/systemd/blob/9c0aee7cbbc82aa030ba9c78af1e7fd0ff520d27/src/basic/virt.c#L424-L445 where we clearly see the s390x-specific bits.
Proposed as a Freeze Exception for 41-beta by Fedora user jbtrystram using the blocker tracking app because: This cause systemd-ssh-generator to fail on s390x hosts. It's already fixed in https://bodhi.fedoraproject.org/updates/FEDORA-2024-1597066f01 I tested the fixed selinux-rpm and can confirm it solves the issue
FEDORA-2024-1597066f01 (selinux-policy-41.15-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-1597066f01
+4 in https://pagure.io/fedora-qa/blocker-review/issue/1639 , marking accepted.
FEDORA-2024-1597066f01 (selinux-policy-41.15-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.