https://bugzilla.suse.com/show_bug.cgi?id=1226824

            Bug ID: 1226824
           Summary: [SELinux] growpart-generator AVC denials
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: mcepl@suse.com
        QA Contact: qa-bugs@suse.de
  Target Milestone: ---
          Found By: ---
           Blocker: ---

mitmanek:~ # ausearch -m AVC -ts boot
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.392:27): avc: denied { execute } for pid=1227 comm="growpart-genera" path="/usr/bin/bash" dev="nvme0n1p3" ino=124016 scontext=system_u:system_r:systemd_generic_generator_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:28): avc: denied { read } for pid=1227 comm="growpart-genera" name="passwd" dev="overlay" ino=726 scontext=system_u:system_r:systemd_generic_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:29): avc: denied { open } for pid=1227 comm="growpart-genera" path="/etc/passwd" dev="overlay" ino=726 scontext=system_u:system_r:systemd_generic_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:30): avc: denied { getattr } for pid=1227 comm="growpart-genera" path="/etc/passwd" dev="overlay" ino=726 scontext=system_u:system_r:systemd_generic_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:31): avc: denied { execute } for pid=1240 comm="growpart-genera" name="findmnt" dev="nvme0n1p3" ino=229659 scontext=system_u:system_r:systemd_generic_generator_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:32): avc: denied { execute_no_trans } for pid=1240 comm="growpart-genera" path="/usr/bin/findmnt" dev="nvme0n1p3" ino=229659 scontext=system_u:system_r:systemd_generic_generator_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.399:33): avc: denied { getattr } for pid=1239 comm="systemd-fstab-g" path="/.snapshots" dev="nvme0n1p3" ino=256 scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:object_r:snapperd_data_t:s0 tclass=dir permissive=1
----
time->Sun Jun 23 02:01:49 2024
type=AVC msg=audit(1719100909.876:105): avc: denied { unlink } for pid=1793 comm="bootctl" name="bfb41e21a4f34f10958f75adb1378666-6.9.3-1-default-114.conf" dev="nvme0n1p2" ino=46 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=file permissive=1
mitmanek:~ # rpm -q selinux-policy
selinux-policy-20240617-1.1.noarch
mitmanek:~ #

This is on MicroOS with the latest Tumbleweed packages as of 2024-06-23.

--
You are receiving this mail because:
You are on the CC list for the bug.