Comment # 9 on bug 1224149 from Alberto Planas Dominguez
(In reply to Zdenek Kubala from comment #8)
> (In reply to Alberto Planas Dominguez from comment #6)

> > So snapper should have permissions to access bootctl or something like that
> 
> This AVC denial was first reported in bsc#1224120 and I have been
> looking into that, and it can also be reproduced even without TPM2
> `systemd-pcrlock` and FDE. So I would keep it separate and handle this
> unlink AVC in bsc#1224120.

Would it help if I copy the comment in the other bug?

Both bugs have the same root cause: the snapper plugin is calling sdbootutil in
different stages: when the snapshot is created or deleted. In both cases
bootctl is called and if FDE is set, pcr-oracle or systemd-pcrlock is also
called to add or remove files.

Would it be OK if all those fixes come together?

