This policy update works!

Seems to work on x86_64 here.

No regressions noted.

No regressions noted

works

I cannot start virtual machines after installing this update.

$ virsh -c qemu:///system start <vm>
error: Failed to start domain <vm>
error: SELinux policy denies access.

Systemd journal:

audit: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=n/a uid=0 gid=0 cmdline="/usr/lib/systemd/systemd-machined" scontext=system_u:system_r:systemd_machined_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
systemd-machined: Failed to start machine scope: Access denied
libvirtd: SELinux policy denies access.

selinux-policy-3.13.1-191.10.fc24 doesn't have this problem.

@lantw44: I don't see this issue when running a virtual machine via Gnome Boxes -- I mention this in case it helps narrow possible problem areas down (but I'm out of my depth here).

I can duplicate @lantw44's problem with virtual machines, in my case using virt-manager: it won't let me create a new VM, saying SELinux disallows this. And as with @lantw44, downgrading to selinux-policy-3.13.1-191.10.fc24 solves the problem. Reversing my earlier karma.

I couldn't find an existing bug for the virtualization blockage, so I've opened #1368745.

Broke starting VMs in virt-manager.

Related bug: #1368745

I confirm that it breaks VMs starting

Breaks VM from starting in virt-manager. Related bug: #1368745

Breaks virt-manager

same. breaks virsh/virt-manager.

This update does not fix bug 1337333 even though its (unpushed) precursor package selinux-policy-3.13.1-191.10.fc24 was advertised as doing that.