Description of problem:
When I rebooted today some systemd processes failed to run blocking boot up. Using enforcing=0 got the system to boot. I ran restorecon -vr / and updated selinux-policy to today's build and saw the same thing.

Version-Release number of selected component (if applicable):
selinux-policy-3.12.1-6.fc19.noarch
(Using the targeted policy.)

How reproducible:
Seems 100%.

Steps to Reproduce:
1. Reboot

Actual results:
AVCs in dmesg output:
[root@bruno bruno]# dmesg | grep -i avc
[ 35.849959] type=1400 audit(1359006777.696:3): avc: denied { connectto } for pid=488 comm="(dmodules)" path="/run/systemd/journal/stdout" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket
[ 36.316242] type=1400 audit(1359006778.163:4): avc: denied { associate } for pid=1 comm="systemd" name="mqueue" scontext=system_u:object_r:sysfs_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem
[ 37.519148] type=1400 audit(1359006779.366:5): avc: denied { create } for pid=504 comm="systemd-udevd" name="queue.tmp" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 37.531402] type=1400 audit(1359006779.378:6): avc: denied { read write open } for pid=504 comm="systemd-udevd" path="/run/udev/queue.tmp" dev="tmpfs" ino=14809 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 37.550444] type=1400 audit(1359006779.397:7): avc: denied { rename } for pid=504 comm="systemd-udevd" name="queue.tmp" dev="tmpfs" ino=14809 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 39.655721] type=1400 audit(1359006781.502:8): avc: denied { read } for pid=526 comm="udevadm" name="queue.bin" dev="tmpfs" ino=14809 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 39.668087] type=1400 audit(1359006781.515:9): avc: denied { open } for pid=526 comm="udevadm" path="/run/udev/queue.bin" dev="tmpfs" ino=14809 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 39.767748] type=1400 audit(1359006781.614:10): avc: denied { create } for pid=547 comm="systemd-udevd" name="+module:configfs.tmp" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 39.785712] type=1400 audit(1359006781.632:11): avc: denied { write } for pid=547 comm="systemd-udevd" path="/run/udev/data/+module:configfs.tmp" dev="tmpfs" ino=15021 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 42.259661] type=1400 audit(1359006784.100:17): avc: denied { read } for pid=670 comm="systemd-cryptse" name="b9:14" dev="tmpfs" ino=16235 scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 42.430295] type=1400 audit(1359006784.278:21): avc: denied { ioctl } for pid=684 comm="systemd-tty-ask" path="socket:[17457]" dev="sockfs" ino=17457 scontext=system_u:system_r:systemd_passwd_agent_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=unix_stream_socket
[ 42.451434] type=1400 audit(1359006784.299:22): avc: denied { write } for pid=549 comm="systemd-udevd" name="watch" dev="tmpfs" ino=16010 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=dir
[ 42.451491] type=1400 audit(1359006784.299:23): avc: denied { add_name } for pid=549 comm="systemd-udevd" name="20" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=dir
[ 42.577286] type=1400 audit(1359006784.425:24): avc: denied { create } for pid=547 comm="systemd-udevd" name="\x2fdisk\x2fby-id\x2fata-WDC_WD3200JB-00KFA0_WD-WCAMR2168874-part2" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=dir
[ 42.849969] type=1400 audit(1359006784.697:25): avc: denied { remove_name } for pid=545 comm="systemd-udevd" name="18" dev="tmpfs" ino=16222 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=dir
[ 43.017846] type=1400 audit(1359006784.865:26): avc: denied { read } for pid=724 comm="udisks-part-id" name="b9:11" dev="tmpfs" ino=16223 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 43.042057] type=1400 audit(1359006784.889:27): avc: denied { open } for pid=724 comm="udisks-part-id" path="/run/udev/data/b9:11" dev="tmpfs" ino=16223 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 43.071104] type=1400 audit(1359006784.919:28): avc: denied { getattr } for pid=724 comm="udisks-part-id" path="/run/udev/data/b9:11" dev="tmpfs" ino=16223 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=file
[ 43.129808] type=1400 audit(1359006784.977:29): avc: denied { read } for pid=545 comm="systemd-udevd" name="\x2fdisk\x2fby-id\x2fmd-name-bruno.wolff.to:11" dev="tmpfs" ino=16212 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=dir

Fixed in libselinux-2.1.12-18.fc19