https://bugzilla.suse.com/show_bug.cgi?id=1232670 https://bugzilla.suse.com/show_bug.cgi?id=1232670#c1 --- Comment #1 from Thorsten Kukuk <kukuk@suse.com> --- importctl is also not allowed to download portable images. Means create /var/lib/portables if it does not exit and writing into it if it exists: type=AVC msg=audit(1730732931.911:259): avc: denied { write } for pid=10839 comm="systemd-pull" name="lib" dev="dm-1" ino=259 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732931.914:260): avc: denied { write } for pid=10839 comm="systemd-pull" name="lib" dev="dm-1" ino=259 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732931.918:261): avc: denied { write } for pid=10839 comm="systemd-pull" name="lib" dev="dm-1" ino=259 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732932.484:262): avc: denied { write } for pid=10839 comm="systemd-pull" name="lib" dev="dm-1" ino=259 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732952.661:263): avc: denied { write } for pid=10854 comm="systemd-pull" name="portables" dev="dm-1" ino=217616 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732952.668:264): avc: denied { write } for pid=10854 comm="systemd-pull" name="portables" dev="dm-1" ino=217616 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732952.671:265): avc: denied { write } for pid=10854 comm="systemd-pull" name="portables" dev="dm-1" ino=217616 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1730732953.231:266): avc: denied { write } for pid=10854 comm="systemd-pull" name="portables" dev="dm-1" ino=217616 scontext=system_u:system_r:systemd_importd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0 # importctl pull-raw https://download.opensuse.org/repositories/home:/kukuk:/sysext/mkosi/strace-... --verify=no --class=portable -- You are receiving this mail because: You are on the CC list for the bug.