https://bugzilla.suse.com/show_bug.cgi?id=1228380 https://bugzilla.suse.com/show_bug.cgi?id=1228380#c5 --- Comment #5 from pallas wept <pallaswept@proton.me> --- (In reply to Cathy Hu from comment #4)
thanks, yes it would be really helpful if you open bugs even for small things, please feel encouraged to do so :)
Hi Cathy, I saw the 0726 policy package in my zypper dup today. After installing it I removed my "panic policy" from before, but the errors came back again. I put the "panic policy" back on. I know it's not a good thing but my systemd journal couldn't hack it. This is what the panic policy module looks like:
cat my-grub_2.cil (typeattributeset cil_gen_require bootloader_exec_t) (typeattributeset cil_gen_require snapperd_t) (allow snapperd_t bootloader_exec_t (file (execute))) (allow snapperd_t bootloader_exec_t (file (execute_no_trans)))
Is this helpful? It is alien language to me, I am reading the docs now. When I look at the changes for the selinux-policy package, it seems like maybe I have a different bug. If I export my snapper module, I see (allow snapper_grub_plugin_t bootloader_exec_t (file (ioctl read getattr lock map execute open execute_no_trans))) So I think I have the new changes from the policy in effect there, but mine is something else (because of the different source type). Am I understanding this correctly? -- You are receiving this mail because: You are on the CC list for the bug.