Systemd-journald Service Fails to Read Configuration File /etc/systemd/journald.conf Due to Incorrect SELinux Context

Issue

• The systemd-journald service fails to open its configuration file /etc/systemd/journald.conf due to a "Permission denied" error, causing logging disruption.

  • Error messages in logs:

    Jul 24 07:49:32 server systemd-journald[8482]: Failed to open configuration file '/etc/systemd/journald.conf': Permission denied
    

  • SELinux audit logs show:

    type=SYSCALL msg=audit(07/24/25 07:57:27.459:748) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x56256f4d641c a2=O_RDONLY|O_CLOEXEC a3=0x0 items=0 ppid=1 pid=8639 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-journal exe=/usr/lib/systemd/systemd-journald subj=system_u:system_r:syslogd_t:s0 key=(null) 
    type=AVC msg=audit(07/24/25 07:57:27.459:748) : avc:  denied  { open } for  pid=8639 comm=systemd-journal path=/etc/systemd/journald.conf dev="dm-0" ino=53318 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0