Bugzilla – Full Text Bug Listing

| Summary: | [SELinux] systemd-gpt-auto-generator blocked by SELinux | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Richard Brown <rbrown> |
| Component: | Security | Assignee: | Cathy Hu <cathy.hu> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | cathy.hu |
| Version: | Current | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| See Also: | https://bugzilla.suse.com/show_bug.cgi?id=1223599 https://bugzilla.suse.com/show_bug.cgi?id=1224120 https://bugzilla.suse.com/show_bug.cgi?id=1222994 | | |
| Whiteboard: | | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
I submitted to security:SELinux: https://build.opensuse.org/package/show/security:SELinux/selinux-policy Could you please test this and report if that solved the complete issue? Thanks!

It seems to have solved the issue, thanks!

Thanks, closing.
Pretty straightforward it seems, looks like SELinux doesn't like systemd-gpt-auto-generator and systemd-fstab-generator doing their thing. Logs below.

This has minor impact right now on openSUSE Aeon, which is using a Discoverable Partition Standard (DPS) compliant partition standard, which is probably what triggers systemd-gpt-auto-generator into doing its thing.

But practically speaking those same Aeon users are unlikely to notice an issue, as the root filesystem is also defined properly in /etc/fstab and won't be any time soon.

Will be a problem for anyone not using Aeon someday though.

```
Apr 12 19:02:27 localhost (sd-exec-[761]: /usr/lib/systemd/system-generators/systemd-gpt-auto-generator failed with exit status 1.
Apr 12 19:02:27 localhost systemd-gpt-auto-generator[769]: Failed to create symlink "/run/systemd/generator.late/local-fs.target.wants/systemd-remount-fs.service": No such file or directory
Apr 12 19:02:27 localhost kernel: audit: type=1400 audit(1712941346.966:6): avc: denied { write } for pid=769 comm="systemd-gpt-aut" name="generator.late" dev="tmpfs" ino=597 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=0
Apr 12 19:02:27 localhost kernel: audit: type=1400 audit(1712941346.926:5): avc: denied { map_read map_write } for pid=769 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
Apr 12 19:02:27 localhost kernel: audit: type=1400 audit(1712941346.919:4): avc: denied { map_read map_write } for pid=767 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
```
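
Added example, not part of the bug report and not the policy change submitted to security:SELinux: a Python script that parses the AVC records quoted in the log above and groups them by source type, target type and object class, so the denied accesses can be reviewed as candidate `allow` rules. The function names (`parse_avc`, `summarize`, `candidate_rules`) are this example's own.

```python
import re
from collections import defaultdict

# The three AVC records from the log above (journal timestamp/host prefix trimmed).
SAMPLE = """\
audit: type=1400 audit(1712941346.966:6): avc: denied { write } for pid=769 comm="systemd-gpt-aut" name="generator.late" dev="tmpfs" ino=597 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=0
audit: type=1400 audit(1712941346.926:5): avc: denied { map_read map_write } for pid=769 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
audit: type=1400 audit(1712941346.919:4): avc: denied { map_read map_write } for pid=767 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other log line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: not enough to derive a rule
    # A context is user:role:type:level; policy rules are written on the type.
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "enforced": fields.get("permissive") == "0",
    }

def summarize(log_text):
    """Merge permissions per (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

def candidate_rules(log_text):
    """Render each group as an allow rule for a policy reviewer to assess."""
    rules = []
    for (src, tgt, cls), perms in sorted(summarize(log_text).items()):
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE)))
```

The generated lines are audit2allow-style candidates for review; each one should be checked against what the generator actually needs before it goes into a policy module.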