Description of problem: SELinux is preventing systemd_gpt_generator_t write to fixed_disk_device_t blk_file. Version-Release number of selected component (if applicable): selinux-policy keylime Actual results: Tests show denials. Expected results: Tests won't show any denials. Additional info: From keylime point of view, the denials not cause any fails in testsuite. So maybe possible way how to solve it is dontaudit these rules. I'm not able to reproduce, it appears only in CI. type=AVC msg=audit(1666601751.037:589): avc: denied { write } for pid=29242 comm="systemd-gpt-aut" name="nvme0n1" dev="devtmpfs" ino=298 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0 https://artifacts.dev.testing-farm.io/59192121-dab6-4a22-91be-d07f0335e0e9/
Also need to dontaudit these rule: dontaudit systemd_gpt_generator_t systemd_gpt_generator_t:capability sys_admin;
Should be fixed in rawhide soon, not sure about other releases. *** This bug has been marked as a duplicate of bug 2083900 ***