Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1558816

Summary: avc: denied { mac_admin } for pid=1 comm="systemd" capability=33 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0
Product: [Fedora] Fedora Reporter: Mairi Dulaney <jdulaney>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: high    
Version: 28CC: dwalsh, jdulaney, jdulaney, jonha87, lvrabec, mgrepl, plautrba, pmoore, robatino, sgallagh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-25 00:21:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1469206    

Description Mairi Dulaney 2018-03-21 04:53:27 UTC 
Description of problem:

Fresh installation of Fedora 28, and I am getting:


avc:  denied  { mac_admin } for  pid=1 comm="systemd" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0

This may be a duplicate of 1531556

Version-Release number of selected component (if applicable):
systemd-238-4.fc28.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Boot computer
2. Observe AVC denial messages


Actual results:
selinux denying systemd causes sadness

Expected results:
No selinux denying systemd
Comment 1 Fedora Blocker Bugs Application 2018-03-21 04:54:34 UTC 
Proposed as a Blocker for 28-final by Fedora user jdulaney using the blocker tracking app because:

 There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop.
Comment 2 Lukas Vrabec 2018-03-22 11:42:43 UTC 
*** Bug 1558949 has been marked as a duplicate of this bug. ***
Comment 3 Lukas Vrabec 2018-03-24 13:42:42 UTC 
John, 

Do you see any issues with systemd or you 'just' see the AVC? 

Lukas.
Comment 4 Mairi Dulaney 2018-03-24 14:57:37 UTC 
Nothing directly that I could tell.  However, it still hits the release criteria.
Comment 5 Lukas Vrabec 2018-03-25 00:19:57 UTC 
*** Bug 1557275 has been marked as a duplicate of this bug. ***
Comment 6 Lukas Vrabec 2018-03-25 00:21:41 UTC 
Hi, 

It looks like this is same issue like rhbz#1559174, there is issue with old labels. Closing as duplicate.

If the issue still persists, feel free to re-open this ticket.

*** This bug has been marked as a duplicate of bug 1559174 ***