https://bugzilla.suse.com/show_bug.cgi?id=1228380 https://bugzilla.suse.com/show_bug.cgi?id=1228380#c1 --- Comment #1 from pallas wept <pallaswept@proton.me> --- Since this was effectively denying access to logs I have blindly applied the advice given by the tool. ausearch -c 'grub' --raw | audit2allow -M my-grub Adding this new rule has apparently exposed a new flood of errors as follows: type=AVC msg=audit(1722125351.618:425): avc: denied { execute_no_trans } for pid=18478 comm="grub" path="/usr/bin/grub2-script-check" dev="nvme0n1p2" ino=4261732 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0 I have 10 minutes uptime and just over 300 errors so that one is relatively tame at once every 2 seconds on average, in bursts... Still, very not good. -- You are receiving this mail because: You are on the CC list for the bug.