https://bugzilla.suse.com/show_bug.cgi?id=1224149
https://bugzilla.suse.com/show_bug.cgi?id=1224149#c7
--- Comment #7 from Andrei Borzenkov
So snapper should have permissions to access bootctl or something like that
I have these overrides that eliminate all denials on MicroOS systemd-boot image. Not sure how secure they are. #============= snapperd_t ============== allow snapperd_t dosfs_t:file unlink; allow snapperd_t var_lib_t:file unlink; allow snapperd_t init_exec_t:file { execute execute_no_trans }; #============= systemd_fstab_generator_t ============== allow systemd_fstab_generator_t init_t:bpf { map_read map_write }; #============= systemd_gpt_generator_t ============== allow systemd_gpt_generator_t init_t:bpf { map_read map_write }; -- You are receiving this mail because: You are on the CC list for the bug.