https://bugzilla.suse.com/show_bug.cgi?id=1224149 https://bugzilla.suse.com/show_bug.cgi?id=1224149#c1 --- Comment #1 from Andrei Borzenkov <arvidjaar@gmail.com> --- After adding override for the reported AVCs I then got 10:~ # semodule -DB 10:~ # ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts boot <no matches> 10:~ # systemctl start snapper-cleanup.service 10:~ # ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts boot ---- time->Sun May 19 07:50:37 2024 type=AVC msg=audit(1716094237.445:227): avc: denied { execute_no_trans } for pid=1364 comm="sdbootutil" path="/usr/lib/systemd/systemd-pcrlock" dev="dm-0" ino=63823 scontext=system_u:system_r:snapperd_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=0 -- You are receiving this mail because: You are on the CC list for the bug.