https://bugzilla.suse.com/show_bug.cgi?id=1209875 Bug ID: 1209875 Summary: [selinux] avc: denied for systemd-journal and /var/log/journal Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: jsegitz@suse.com Reporter: jslaby@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Trying selinux in TW (in permissive mode) I received this from audit:

audit: type=1400 audit(1680075283.980:3): avc: denied { getattr } for pid=417 comm="systemd-journal" path="/var/log/journal/7154b830e6bb8a683db5d8d6000008fd/system@6e7e34a4fb8148f0be0964b88a38691f-0000000000128c14-0005f803c6a14050.journal" dev="sda1" ino=524660 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 audit: type=1400 audit(1680075284.252:4): avc: denied { read } for pid=417 comm="systemd-journal" name="system@6e7e34a4fb8148f0be0964b88a38691f-0000000000128c14-0005f803c6a14050.journal" dev="sda1" ino=524660 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 audit: type=1400 audit(1680075284.252:5): avc: denied { open } for pid=417 comm="systemd-journal" path="/var/log/journal/7154b830e6bb8a683db5d8d6000008fd/system@6e7e34a4fb8148f0be0964b88a38691f-0000000000128c14-0005f803c6a14050.journal" dev="sda1" ino=524660 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1

So maybe there are some rules for persistent journal missing? -- You are receiving this mail because: You are on the CC list for the bug.