Comment # 4 on bug 1190918 from 
This failure is related to my latest addition to auditd.service:

ReadWritePaths=/etc/audit

This is required to have the other systemd service hardening in place (cf.
https://bugzilla.suse.com/show_bug.cgi?id=1181400#c17).

However, this bug only happens when selinux is in enforcing mode.

This is because the selinux' auditd_etc_t type doesn't have mounton permission
(for namespace mounting). 

I've spent the day trying to make this work (systemd and selinux are way out of
my league), but I think I've managed to fix it. I'll update here tomorrow at
the latest.

You are receiving this mail because: