On 12/21/24 17:59, Antonio Russo wrote:
1. The issue is resolved by ordering systemd-resolved after systemd-tmpfiles-setup using an After= dependency.
Reverting `PrivateTmp=yes` from `PrivateTmp=disconnected` also resolves the issue. So, it's a regression fixing [1], which I'm trying to understand. I see it was you who actually authored the fix for [1]. I presume that using disconnected removes the dependency on systemd-tmpfiles.

But it seems the SELinux labels are not being changed when systemd-tmpfiles is brought up: In particular, the audit violations I see are supposedly allowed by the SELinux policy I'm currently running. Does that mean that the objects in question have different labels now than at policy violation time (presumably before systemd-tmpfiles is re-labeling them)? I cannot find any indication that SELinux policies are being loaded during boot.

Best,
Antonio

[1] https://github.com/systemd/systemd/issues/35582
_______________________________________________
SELinux-devel mailing list
SELinux-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel