[Bug 1213721] [SELinux] add SELinux rule for new versions of kdump
https://bugzilla.suse.com/show_bug.cgi?id=1213721

https://bugzilla.suse.com/show_bug.cgi?id=1213721#c5

--- Comment #5 from Filippo Bonazzi <filippo.bonazzi@suse.com> ---
Executing `systemctl start kdump` results in this AVC:

```
time->Fri Jul 28 12:23:45 2023
type=AVC msg=audit(1690539825.110:98): avc: denied { read } for pid=1173 comm="load.sh" name="kernel" dev="vda4" ino=31389 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kdump_var_lib_t:s0 tclass=lnk_file permissive=0
```

which is not the same one as has been reported above, as the source context is system_u:system_r:init_t:s0.

On my test system (a fresh microos VM) systemd (init_t) is executing load.sh but is not transitioning to kdump_t (unsurprisingly, since load.sh and its siblings are not labeled kdump_exec_t).

I cannot reproduce the issue as has been reported above.

I suspect the issue to be much deeper than it appears, and the simple fix I came up with to fix the issue reported above (https://gitlab.suse.de/fbonazzi/selinux-policy/-/commit/64532e474ab287818a33...) is not sufficient.

--
You are receiving this mail because:
You are on the CC list for the bug.
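The distinction drawn in the comment above (a denial whose source domain is init_t rather than kdump_t) can be checked mechanically when triaging audit logs. This is an added example, not part of the original comment or of the SELinux policy project; the function names and triage labels are hypothetical, and the second record is constructed for contrast.

```python
import re

# AVC record quoted in the comment above.
AVC_FROM_COMMENT = (
    'type=AVC msg=audit(1690539825.110:98): avc: denied { read } for pid=1173 '
    'comm="load.sh" name="kernel" dev="vda4" ino=31389 '
    'scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:object_r:kdump_var_lib_t:s0 tclass=lnk_file permissive=0'
)
# Constructed record: the same denial as it would look had load.sh run in kdump_t.
AVC_CONSTRUCTED = AVC_FROM_COMMENT.replace(":init_t:", ":kdump_t:")

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None if not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, value in FIELD_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    # A context is user:role:type:level; the level may contain further ':'.
    for side in ("scontext", "tcontext"):
        rec[side + "_type"] = rec[side].split(":")[2]
    return rec


def triage(line, expected_domain="kdump_t"):
    """Classify a denial by whether the process ran in the expected domain."""
    rec = parse_avc(line)
    if rec is None:
        return "not-an-avc-denial"
    if rec["scontext_type"] == expected_domain:
        # The service runs confined; a rule for that domain is what is missing.
        return "missing-allow-rule"
    # The process never entered the expected domain: check file labels and
    # domain transitions before writing allow rules for the source domain.
    return "unexpected-source-domain"


if __name__ == "__main__":
    for name, line in (("comment", AVC_FROM_COMMENT), ("constructed", AVC_CONSTRUCTED)):
        rec = parse_avc(line)
        print(name, rec["comm"], rec["scontext_type"], "->", rec["tcontext_type"],
              rec["tclass"], rec["perms"], triage(line))
```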