http://bugzilla.opensuse.org/show_bug.cgi?id=1210140 Bug ID: 1210140 Summary: [SELinux] can't install cockpit Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: filippo.bonazzi@suse.com QA Contact: security-team@suse.de Found By: --- Blocker: --- Created attachment 866127 --> http://bugzilla.opensuse.org/attachment.cgi?id=866127&action=edit SELinux AVCs Operating System: openSUSE MicroOS SELinux status, mode and policy name: enabled, enforcing, targeted SELinux policy version and repository: Repository : openSUSE-Tumbleweed-Oss Name : selinux-policy-targeted Version : 20230321-1.1 Arch : noarch Vendor : openSUSE Installed Size : 24.0 MiB Installed : Yes (automatically) Status : up-to-date The software (incl. version) that is affected by the SELinux issue and the error message: cockpit SELinux Audit log: attached Any other important details: This is a fresh MicroOS VM from the qcow2 image [0]. I just created the VM, started it and added the root user. I installed cockpit following the instructions from [1]: $ transactional-update pkg install -t pattern microos-cockpit This completed and I rebooted the system. The instructions are evidently not enough, as many cockpit packages including cockpit are not installed by this, and of course the cockpit socket is not present and cockpit cannot be started. Therefore, I launched another transactional update to install cockpit: $ transactional-update pkg install cockpit This now breaks with this error: ``` (4/5) Installing: cockpit-ws-276.1-4.2.x86_64 [... SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.33: Permission denied /usr/sbin/load_policy: Can't load policy: Permission denied grep: /etc/pam.d/cockpit: No such file or directory done] ``` There are several AVCs (attached), I'm not sure if they are related. [0] https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-... [1] https://documentation.suse.com/sle-micro/5.3/html/SLE-Micro-all/article-cock... -- You are receiving this mail because: You are on the CC list for the bug.