https://bugzilla.suse.com/show_bug.cgi?id=1231127

Bug ID: 1231127
Summary: SELinux: health-checker change causes denial
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: fvogt@suse.com
QA Contact: qa-bugs@suse.de
CC: fcrozat@suse.com, iforster@suse.com
Target Milestone: ---
Found By: ---
Blocker: ---

With https://github.com/openSUSE/health-checker/pull/21/files, health-checker calls rpm --verifydb with a custom lock path because /usr/ is not writable. The modified check fails now because SELinux blocks rpm from writing to /run/rpmdb:

type=AVC msg=audit(1727697272.028:122): avc: denied { open } for pid=2368 comm="rpmdb" path="/run/rpmdb" dev="tmpfs" ino=2281 scontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1727697272.028:123): avc: denied { open } for pid=2368 comm="rpmdb" path="/run/rpmdb" dev="tmpfs" ino=2281 scontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0