Comment # 5 on bug 1228380 from pallas wept 
(In reply to Cathy Hu from comment #4)
> thanks, yes it would be really helpful if you open bugs even for small
> things, please feel encouraged to do so :)

Hi Cathy, 

I saw the 0726 policy package in my zypper dup today. After installing it I
removed my "panic policy" from before, but the errors came back again. I put
the "panic policy" back on. I know it's not a good thing but my systemd journal
couldn't hack it.

This is what the panic policy module looks like:

  > cat my-grub_2.cil 
  (typeattributeset cil_gen_require bootloader_exec_t)
  (typeattributeset cil_gen_require snapperd_t)
  (allow snapperd_t bootloader_exec_t (file (execute)))
  (allow snapperd_t bootloader_exec_t (file (execute_no_trans)))

Is this helpful? It is alien language to me, I am reading the docs now. When I
look at the changes for the selinux-policy package, it seems like maybe I have
a different bug. If I export my snapper module, I see

  (allow snapper_grub_plugin_t bootloader_exec_t (file (ioctl read getattr lock
map execute open execute_no_trans)))

So I think I have the new changes from the policy in effect there, but mine is
something else (because of the different source type). Am I understanding this
correctly?

You are receiving this mail because: