Comment # 1 on bug 1232670 from Thorsten Kukuk 
importctl is also not allowed to download portable images. Means create
/var/lib/portables if it does not exit and writing into it if it exists:

type=AVC msg=audit(1730732931.911:259): avc:  denied  { write } for  pid=10839
comm="systemd-pull" name="lib" dev="dm-1" ino=259
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732931.914:260): avc:  denied  { write } for  pid=10839
comm="systemd-pull" name="lib" dev="dm-1" ino=259
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732931.918:261): avc:  denied  { write } for  pid=10839
comm="systemd-pull" name="lib" dev="dm-1" ino=259
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732932.484:262): avc:  denied  { write } for  pid=10839
comm="systemd-pull" name="lib" dev="dm-1" ino=259
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732952.661:263): avc:  denied  { write } for  pid=10854
comm="systemd-pull" name="portables" dev="dm-1" ino=217616
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732952.668:264): avc:  denied  { write } for  pid=10854
comm="systemd-pull" name="portables" dev="dm-1" ino=217616
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732952.671:265): avc:  denied  { write } for  pid=10854
comm="systemd-pull" name="portables" dev="dm-1" ino=217616
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1730732953.231:266): avc:  denied  { write } for  pid=10854
comm="systemd-pull" name="portables" dev="dm-1" ino=217616
scontext=system_u:system_r:systemd_importd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0


# importctl pull-raw
https://download.opensuse.org/repositories/home:/kukuk:/sysext/mkosi/strace-21.3.x86-64.raw
--verify=no --class=portable

You are receiving this mail because: