***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-gpt-aut should have the sys_admin capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp
Additional Information:
Source Context system_u:system_r:systemd_gpt_generator_t:s0
Target Context system_u:system_r:systemd_gpt_generator_t:s0
Target Objects Unknown [ capability ]
Source systemd-gpt-aut
Source Path systemd-gpt-aut
Port
Host (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-37.12-2.fc37.noarch
Local Policy RPM selinux-policy-targeted-37.12-2.fc37.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux fedora 5.19.13-300.fc37.x86_64 #1 SMP
PREEMPT_DYNAMIC Tue Oct 4 15:54:24 UTC 2022 x86_64
x86_64
Alert Count 4
First Seen 2022-10-15 11:21:33 BST
Last Seen 2022-10-15 12:15:14 BST
Local ID bcad9e6b-08c8-4f7f-a333-198d0de61382
Raw Audit Messages
type=AVC msg=audit(1665832514.326:364): avc: denied { sys_admin } for pid=65635 comm="systemd-gpt-aut" capability=21 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0
Hash: systemd-gpt-aut,systemd_gpt_generator_t,systemd_gpt_generator_t,capability,sys_admin