Started to get these SELinux failures for bootupctl (part of bootc)

```
----
type=AVC msg=audit(02/27/26 15:09:37.739:2040) : avc: denied { nnp_transition nosuid_transition } for pid=13078 comm=bootupctl scontext=system_u:system_r:install_t:s0:c75,c789 tcontext=system_u:system_r:mount_t:s0:c75,c789 tclass=process2 permissive=0
----
type=SELINUX_ERR msg=audit(02/27/26 15:09:37.739:2041) : op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:install_t:s0:c75,c789 newcontext=system_u:system_r:mount_t:s0:c75,c789
```

Is it known or tracked?

Reproducible: Always
Created attachment 2131676: avc.txt
Hi, I've prepared a PR, but reading the description again I have a question: Which service executes bootupctl here? It is a confined command, so there should rather be a transition.

```
$ matchpathcon /usr/bin/bootupctl
/usr/bin/bootupctl system_u:object_r:bootupd_exec_t:s0
```
Afaict it is happening somewhere in our testing codepath of `/tests/provision/bootc`. We don't call `bootupctl` directly but something in `podman (machine|build)` does. Maybe we can provide you a reproducer:

- From tmt repo
- Run the test file `tests/provision/bootc/test.sh`
- Get the avc log (not really sure how this is done)
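
For triaging the log once it has been collected, an added example (not from this thread or from the selinux-policy or tmt projects) that reads records in the interpreted layout quoted in the report, as printed by `ausearch -i`, and pairs each denied `nnp_transition`/`nosuid_transition` with its `security_bounded_transition` error. The function names are hypothetical and the sample input is the report's two records embedded inline.

```python
import re

# Constructed sample: the two records quoted in the report, one per line.
SAMPLE = """\
----
type=AVC msg=audit(02/27/26 15:09:37.739:2040) : avc: denied { nnp_transition nosuid_transition } for pid=13078 comm=bootupctl scontext=system_u:system_r:install_t:s0:c75,c789 tcontext=system_u:system_r:mount_t:s0:c75,c789 tclass=process2 permissive=0
----
type=SELINUX_ERR msg=audit(02/27/26 15:09:37.739:2041) : op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:install_t:s0:c75,c789 newcontext=system_u:system_r:mount_t:s0:c75,c789
"""

HEAD = re.compile(r"type=(\S+) msg=audit\((.+?):(\d+)\)\s*:\s*(.*)")

def parse(text):
    """Turn each audit line into a dict of its key=value fields."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if not m:
            continue  # separator ("----") or unrelated line
        rtype, stamp, serial, body = m.groups()
        rec = {"type": rtype, "time": stamp, "serial": int(serial)}
        rec.update(re.findall(r"(\w+)=(\S+)", body))
        perms = re.search(r"\{([^}]*)\}", body)
        rec["perms"] = perms.group(1).split() if perms else []
        records.append(rec)
    return records

def sel_type(context):
    """user:role:type:level -> type"""
    return context.split(":")[2]

def blocked_transitions(records):
    """List domain transitions refused under no_new_privs / nosuid."""
    bounded = {(r["time"], r.get("oldcontext"), r.get("newcontext"))
               for r in records
               if r["type"] == "SELINUX_ERR"
               and r.get("op") == "security_bounded_transition"}
    hits = []
    for r in records:
        wanted = {"nnp_transition", "nosuid_transition"} & set(r["perms"])
        if r["type"] != "AVC" or r.get("tclass") != "process2" or not wanted:
            continue
        key = (r["time"], r["scontext"], r["tcontext"])
        hits.append({"comm": r["comm"],
                     "source": sel_type(r["scontext"]),
                     "target": sel_type(r["tcontext"]),
                     "perms": sorted(wanted),
                     "bounded_check_failed": key in bounded})
    return hits

if __name__ == "__main__":
    for hit in blocked_transitions(parse(SAMPLE)):
        print(hit)
```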