The SELinux denial for systemd-tmpfile requesting the sys_resource capability indicates it’s trying to adjust system resource limits but isn’t authorized by the default policy. Since SELinux is in permissive mode, the action isn’t blocked but logged as a warning. You have two main options: Investigate why systemd-tmpfile needs this capability—there might be underlying resource limit issues that need fixing to avoid frequent adjustments. Temporarily allow this by generating a local policy module with: ausearch -c 'systemd-tmpfile' --raw | audit2allow -M my-systemdtmpfile semodule -X 300 -i my-systemdtmpfile.pp It’s best to diagnose resource usage first to avoid masking deeper problems. For more insights on Linux security and system management, check out sprunki: https://sprunki.sbs, a great resource for developers and sysadmins. -- _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
