1558816 – avc: denied { mac_admin } for pid=1 comm="systemd" capability=33 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1558816 - avc: denied { mac_admin } for pid=1 comm="systemd" capability=33 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0

Summary: avc: denied { mac_admin } for pid=1 comm="systemd" capability=33 scontext...

Keywords:
Status:	CLOSED DUPLICATE of bug 1559174
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	urgent
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1557275 1558949 (view as bug list)
Depends On:
Blocks:	F28FinalBlocker
TreeView+	depends on / blocked

Reported:	2018-03-21 04:53 UTC by Mairi Dulaney
Modified:	2018-03-25 00:21 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-03-25 00:21:41 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mairi Dulaney 2018-03-21 04:53:27 UTC

Description of problem:

Fresh installation of Fedora 28, and I am getting:


avc:  denied  { mac_admin } for  pid=1 comm="systemd" capability=33  scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability2 permissive=0

This may be a duplicate of 1531556

Version-Release number of selected component (if applicable):
systemd-238-4.fc28.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Boot computer
2. Observe AVC denial messages


Actual results:
selinux denying systemd causes sadness

Expected results:
No selinux denying systemd

Comment 1 Fedora Blocker Bugs Application 2018-03-21 04:54:34 UTC

Proposed as a Blocker for 28-final by Fedora user jdulaney using the blocker tracking app because:

 There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop.

Comment 2 Lukas Vrabec 2018-03-22 11:42:43 UTC

*** Bug 1558949 has been marked as a duplicate of this bug. ***

Comment 3 Lukas Vrabec 2018-03-24 13:42:42 UTC

John, 

Do you see any issues with systemd or you 'just' see the AVC? 

Lukas.

Comment 4 Mairi Dulaney 2018-03-24 14:57:37 UTC

Nothing directly that I could tell.  However, it still hits the release criteria.

Comment 5 Lukas Vrabec 2018-03-25 00:19:57 UTC

*** Bug 1557275 has been marked as a duplicate of this bug. ***

Comment 6 Lukas Vrabec 2018-03-25 00:21:41 UTC

Hi, 

It looks like this is same issue like rhbz#1559174, there is issue with old labels. Closing as duplicate.

If the issue still persists, feel free to re-open this ticket.

*** This bug has been marked as a duplicate of bug 1559174 ***

Note You need to log in before you can comment on or make changes to this bug.