Comment # 1
on bug 1217309
from Matthias Brugger
I found this on the firstboot log:
> setroubleshoot[1921]: SELinux is preventing /usr/sbin/rebootmgrd from read access on the file cpuinfo. For complete SELinux messages run: sealert -l 054a40c1-c97a-4717-a8b9-0e814935fcc7
> systemd[1]: Starting Socket for Cockpit Web Service http instance...
> systemd[1]: Starting Socket for Cockpit Web Service https instance factory...
> systemd[1]: Listening on Socket for Cockpit Web Service http instance.
> systemd[1]: Listening on Socket for Cockpit Web Service https instance factory.
> systemd[1]: Starting Cockpit Web Service...
> kernel: BTRFS info (device mmcblk0p2): balance: start -musage=3 -susage=3
> kernel: BTRFS info (device mmcblk0p2): relocating block group 2562654208 flags metadata|dup
> setroubleshoot[1921]: SELinux is preventing /usr/sbin/rebootmgrd from read access on the file cpuinfo.
>
> ***** Plugin catchall (100. confidence) suggests **************************
>
> If you believe that rebootmgrd should be allowed read access on the cpuinfo file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'rebootmgrd' --raw | audit2allow -M my-rebootmgrd
> # semodule -X 300 -i my-rebootmgrd.pp
>
> cockpit-certificate-ensure[2620]: /usr/lib/cockpit-certificate-helper: line 25: sscg: command not found