[Bug 1200911] New: A denial is observed after upgrading to systemd v251
https://bugzilla.suse.com/show_bug.cgi?id=1200911 Bug ID: 1200911 Summary: A denial is observed after upgrading to systemd v251 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: fbui@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- After submitting systemd v251 to Factory (sr#981446), openQA reported the following regression: https://openqa.opensuse.org/tests/2420012#step/journal_check/22
Jun 17 14:08:14.358418 localhost systemd-gpt-auto-generator[441]: Failed to dissect: Permission denied Jun 17 14:08:14.358432 localhost kernel: audit: type=1400 audit(1655474893.968:10): avc: denied { sys_admin } for pid=441 comm="systemd-gpt-aut" capability=21 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0
Apparently selinux prevents now systemd-gpt-auto-generator from accessing to the filesystem. I took a quick look at the changes introduced in systemd-gpt-auto-generator between v250 and v251 but couldn't find anything relevant. Could the secteam have a look and maybe help me figuring out what's going wrong ? Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1200911
Marcus Meissner
https://bugzilla.suse.com/show_bug.cgi?id=1200911
Hu
https://bugzilla.suse.com/show_bug.cgi?id=1200911
Hu
https://bugzilla.suse.com/show_bug.cgi?id=1200911
Filippo Bonazzi
https://bugzilla.suse.com/show_bug.cgi?id=1200911
Johannes Segitz
https://bugzilla.suse.com/show_bug.cgi?id=1200911
https://bugzilla.suse.com/show_bug.cgi?id=1200911#c1
Johannes Segitz
https://bugzilla.suse.com/show_bug.cgi?id=1200911
https://bugzilla.suse.com/show_bug.cgi?id=1200911#c2
Johannes Segitz
participants (1)
-
bugzilla_noreply@suse.com