SELinux is preventing systemd-gpt-aut from using the sys_admin capability.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-gpt-aut should have the sys_admin capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut
# semodule -X 300 -i my-systemdgptaut.pp
Additional Information:
Source Context                system_u:system_r:systemd_gpt_generator_t:s0
Target Context                system_u:system_r:systemd_gpt_generator_t:s0
Target Objects                Unknown [ capability ]
Source                        systemd-gpt-aut
Source Path                   systemd-gpt-aut
Port
Host                          (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-37.12-2.fc37.noarch
Local Policy RPM              selinux-policy-targeted-37.12-2.fc37.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux fedora 5.19.13-300.fc37.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Oct 4 15:54:24 UTC 2022 x86_64 x86_64
Alert Count                   4
First Seen                    2022-10-15 11:21:33 BST
Last Seen                     2022-10-15 12:15:14 BST
Local ID                      bcad9e6b-08c8-4f7f-a333-198d0de61382
Raw Audit Messages
type=AVC msg=audit(1665832514.326:364): avc: denied { sys_admin } for pid=65635 comm="systemd-gpt-aut" capability=21 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:systemd_gpt_generator_t:s0 tclass=capability permissive=0
Hash: systemd-gpt-aut,systemd_gpt_generator_t,systemd_gpt_generator_t,capability,sys_admin
selinux@lists.fedoraproject.org