https://bugzilla.suse.com/show_bug.cgi?id=1228380 Bug ID: 1228380 Summary: [SELinux] extreme grub error flood, grub2-mkrelpath and grub2-script-check Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: pallaswept@proton.me QA Contact: security-team@suse.de Target Milestone: --- Found By: --- Blocker: --- This one is hammering my logs quite badly. Any assistance would be greatly appreciated. SELinux status, mode and policy name: enabled, targeted, enforcing SELinux policy version and repository: repo-oss selinux-policy The software (incl. version) that is affected by the SELinux issue and the error message: grub SELinux Audit log: The log is impossibly large due to the density of these messages. These are the two messages: Hundreds per second, in bursts ---- time->Sun Jul 28 08:00:13 2024 type=AVC msg=audit(1722117613.981:2165): avc: denied { execute } for pid=51597 comm="grub" name="grub2-mkrelpath" dev="nvme0n1p2" ino=4261726 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0 Once per minute, every minute ---- time->Sun Jul 28 08:00:13 2024 type=AVC msg=audit(1722117613.985:2166): avc: denied { execute } for pid=51600 comm="grub" name="grub2-script-check" dev="nvme0n1p2" ino=4261732 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0 ---- Any other important details: Installed SElinux on existing TW system using this doc https://en.opensuse.org/Portal:SELinux/Setup#Setup_SELinux_on_existing_tumbl... Thanks! -- You are receiving this mail because: You are on the CC list for the bug.