Description of problem:
I am trying to use systemd LoadCredential and it fails with
run-u546.service: Failed to set up credentials: Protocol error

(I am not sure if it is supposed to work btw, but I was expecting it to!)


Version-Release number of selected component (if applicable):
systemd-251.4-51.fc37.x86_64
selinux-policy-37.9-1.fc38.noarch

How reproducible:
always


Steps to Reproduce:
1. echo foo > /etc/secret ; chmod go-rwx /etc/secret
2. systemd-run  -p LoadCredential=secret:/etc/secret --pipe -t bash -c 'cat $CREDENTIALS_DIRECTORY/secret'
3.

Actual results:
journalctl -u run-u556
Aug 16 21:38:53 raw systemd[1]: Started run-u556.service - /usr/bin/bash -c cat $CREDENTIALS_DIRECTORY/secret.
Aug 16 21:38:53 raw systemd[3833]: run-u556.service: Failed to set up credentials: Protocol error
Aug 16 21:38:53 raw systemd[3833]: run-u556.service: Failed at step CREDENTIALS spawning /usr/bin/bash: Protocol error
Aug 16 21:38:53 raw systemd[1]: run-u556.service: Main process exited, code=exited, status=243/CREDENTIALS
Aug 16 21:38:53 raw systemd[1]: run-u556.service: Failed with result 'exit-code'.


Expected results:
foo


Additional info:
type=AVC msg=audit(1660678572.311:900): avc:  denied  { read write open } for  pid=3739 comm="(sd-mkdcreds)" path="/dev/shm/.#cred11e4396b522c8f40" dev="ramfs" ino=442785 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ramfs_t:s0 tclass=file permissive=0


sesearch -A -s init_t -t ramfs_t -c file -p read,write,open,rename,setattr
is empty

shouldn't this work?