SELinux is preventing systemd-gpt-aut from using the sys_admin capability.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-gpt-aut should have the sys_admin capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp
Additional Information:
Source Context system_u:system_r:systemd_gpt_generator_t:s0
Target Context system_u:system_r:systemd_gpt_generator_t:s0
Target Objects Unknown [ capability ]
Source systemd-gpt-aut
Source Path systemd-gpt-aut
Port
Host (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-37.12-2.fc37.noarch
Local Policy RPM selinux-policy-targeted-37.12-2.fc37.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux fedora 5.19.13-300.fc37.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Oct 4 15:54:24 UTC 2022 x86_64 x86_64
Alert Count 4
First Seen 2022-10-15 11:21:33 BST
Last Seen 2022-10-15 12:15:14 BST
Local ID bcad9e6b-08c8-4f7f-a333-198d0de61382
Raw Audit Messages
type=AVC msg=audit(1665832514.326:364): avc: denied { sys_admin } for pid=65635 comm="systemd-gpt-aut" capability=21 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0
Hash: systemd-gpt-aut,systemd_gpt_generator_t,systemd_gpt_generator_t,capability,sys_admin