Comment # 1 on bug 1224149 from Andrei Borzenkov
After adding an override for the reported AVCs, I then got:

10:~ # semodule -DB
10:~ # ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts boot 
<no matches>
10:~ # systemctl start snapper-cleanup.service
10:~ # ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts boot 
----
time->Sun May 19 07:50:37 2024
type=AVC msg=audit(1716094237.445:227): avc:  denied  { execute_no_trans } for pid=1364 comm="sdbootutil" path="/usr/lib/systemd/systemd-pcrlock" dev="dm-0" ino=63823 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=0

