[Bug 1231139] [SELinux] systemd-cryptsetup cannot read [/run/systemd | /var/lib/systemd]/pcrlock.json
https://bugzilla.suse.com/show_bug.cgi?id=1231139

https://bugzilla.suse.com/show_bug.cgi?id=1231139#c4

--- Comment #4 from Alberto Planas Dominguez <aplanas@suse.com> ---
Some AVCs, extracted from journalctl -xb:

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.763:4): avc: denied { open } for pid=732 comm="systemd-cryptse" path="/etc/crypttab" dev="overlay" ino=12334 scontext=system_u:system_r:systemd_cryptsetup_generator_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.803:5): avc: denied { read } for pid=729 comm="growpart-genera" name="passwd" dev="overlay" ino=3087 scontext=system_u:system_r:systemd_growpart_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.803:6): avc: denied { open } for pid=729 comm="growpart-genera" path="/etc/passwd" dev="overlay" ino=3087 scontext=system_u:system_r:systemd_growpart_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.803:7): avc: denied { getattr } for pid=729 comm="growpart-genera" path="/etc/passwd" dev="overlay" ino=3087 scontext=system_u:system_r:systemd_growpart_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.806:8): avc: denied { read } for pid=730 comm="selinux-autorel" name="passwd" dev="overlay" ino=3087 scontext=system_u:system_r:selinux_autorelabel_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.856:9): avc: denied { sys_admin } for pid=736 comm="systemd-gpt-aut" capability=21 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0

Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304161.186:10): avc: denied { module_request } for pid=1 comm="systemd" kmod="net-pf-16-proto-12" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0

Oct 07 12:29:22 localhost kernel: audit: type=1400 audit(1728304161.983:11): avc: denied { siginh } for pid=773 comm="sh" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process permissive=0

Oct 07 12:30:52 localhost kernel: audit: type=1400 audit(1728304252.123:14): avc: denied { net_admin } for pid=920 comm="systemd-tmpfile" capability=12 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=0

The first one, for systemd-cryptsetup, should be referring to the generator, which reads /etc/crypttab. I think this one is now cutting the boot process, as I do not see the pcrlock one.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
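Added example, not part of the original comment or of any SUSE or systemd tooling: a small Python triage of AVC lines like the ones quoted above, separating denials that were actually blocked (permissive=0) from those only logged (permissive=1) and grouping them by source domain. The function names are hypothetical; the three sample records are copied from the comment.

```python
import re
from collections import defaultdict

# Three records copied from the journal excerpt in the comment above.
SAMPLE = """\
Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.763:4): avc: denied { open } for pid=732 comm="systemd-cryptse" path="/etc/crypttab" dev="overlay" ino=12334 scontext=system_u:system_r:systemd_cryptsetup_generator_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.803:5): avc: denied { read } for pid=729 comm="growpart-genera" name="passwd" dev="overlay" ino=3087 scontext=system_u:system_r:systemd_growpart_generator_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
Oct 07 12:29:21 localhost kernel: audit: type=1400 audit(1728304160.856:9): avc: denied { sys_admin } for pid=736 comm="systemd-gpt-aut" capability=21 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # SELinux contexts are user:role:type:level; the type is what policy rules name.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    # permissive=0: the access was actually blocked. permissive=1: logged only.
    rec["enforced"] = rec.get("permissive") == "0"
    return rec


def triage(text):
    """Group denials by source domain, split into blocked vs. logged-only."""
    out = {"blocked": defaultdict(list), "logged_only": defaultdict(list)}
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            bucket = "blocked" if rec["enforced"] else "logged_only"
            target = rec.get("path") or rec.get("name") or rec["tclass"]
            out[bucket][rec["source_type"]].append(
                (rec["perms"], target, rec["target_type"]))
    return out


if __name__ == "__main__":
    for bucket, domains in triage(SAMPLE).items():
        for domain, hits in domains.items():
            print(bucket, domain, hits)
```

On the sample, the /etc/crypttab open by systemd_cryptsetup_generator_t lands in the blocked bucket, while the growpart generator's /etc/passwd read is logged only.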