Comment # 7 on bug 1228380 from pallas wept 
(In reply to Cathy Hu from comment #6)
> does `ls -alZ /usr/lib/snapper/plugins/grub` show you
> snapper_grub_plugin_exec_t as type?

It wasn't! You're a genius.

> if not try `touch /.autorelabel` and reboot and check if AVCs are still
> there.

That's fixed it. I'm sure I did this during installation, it was in the
instructions and it took a long time and I was sweating the whole time, I could
not forget it :D

> also, could you please attach the AVCs? thanks a lot!

I'm sorry I'm a bit noob at this, would you mind telling me the command to get
the file to attach?

I was going to attach the output of
` sudo ausearch -m AVC,USER_AVC -c snapper -c grub >~/Desktop/ausearch.txt `
It's ~7MB and I feel like maybe I'm doing it wrong, perhaps there's a way to
filter out all the dupes? I could filter it to just today, and that will
capture all the different states.

While I have been writing this, I have noticed a new grub-/snapper related
message which has appeared since the relabel.

This shows the two messages which I reported here, then it stops when I added
that module earlier, then just before 19:17, I remove it, touch /.autorelabel,
and reboot. Since then I am seeing bursts of the last alert over and over

----
time->Thu Aug  1 13:00:06 2024
type=AVC msg=audit(1722481206.970:1967): avc:  denied  { execute_no_trans } for
 pid=48339 comm="grub" path="/usr/bin/grub2-mkrelpath" dev="nvme0n1p2"
ino=4261726 scontext=system_u:system_r:snapperd_t:s0
tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0
----
time->Thu Aug  1 13:00:06 2024
type=AVC msg=audit(1722481206.970:1968): avc:  denied  { execute_no_trans } for
 pid=48342 comm="grub" path="/usr/bin/grub2-script-check" dev="nvme0n1p2"
ino=4261732 scontext=system_u:system_r:snapperd_t:s0
tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file permissive=0
----
time->Thu Aug  1 19:17:34 2024
type=AVC msg=audit(1722503854.212:204): avc:  denied  { search } for  pid=14253
comm="grub" name="nscd" dev="tmpfs" ino=4234
scontext=system_u:system_r:snapper_grub_plugin_t:s0
tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
----
time->Thu Aug  1 19:17:34 2024
type=AVC msg=audit(1722503854.212:205): avc:  denied  { search } for  pid=14253
comm="grub" name="nscd" dev="tmpfs" ino=4234
scontext=system_u:system_r:snapper_grub_plugin_t:s0
tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
----

This looks different, is less in volume, and the original two messages are
gone, should I file a new bug for that?

You are receiving this mail because: