Migration to selinux, laptop with no battery. ausearch prints "power-profiles-" messages?

fragraider · March 1, 2025, 8:58am

Hello

I migrated from apparmor to selinux following this guide: Portal:SELinux/Setup - openSUSE Wiki and reched step 9. The battery of the T430 is not present (died long ago). Running the command in step 9 provides this output:

# ausearch -m avc,user_avc,selinux_err,user_selinux_err -ts boot
----
time->Sat Mar  1 09:44:25 2025
type=AVC msg=audit(1740818665.329:133): avc:  denied  { read } for  pid=2796 comm="power-profiles-" name="passwd" dev="dm-0" ino=688603 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sat Mar  1 09:44:25 2025
type=AVC msg=audit(1740818665.329:134): avc:  denied  { open } for  pid=2796 comm="power-profiles-" path="/etc/passwd" dev="dm-0" ino=688603 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sat Mar  1 09:44:25 2025
type=AVC msg=audit(1740818665.329:135): avc:  denied  { getattr } for  pid=2796 comm="power-profiles-" path="/etc/passwd" dev="dm-0" ino=688603 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sat Mar  1 09:44:25 2025
type=AVC msg=audit(1740818665.329:136): avc:  denied  { watch } for  pid=2796 comm="power-profiles-" path="/sys/devices/system/cpu/intel_pstate" dev="sysfs" ino=13675 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1

Step 10 instructs to proceed if there are not denials, which I understand all 4 messages are. Given they are related to power proffiles, the missing battery comes to mind, but occurences of path="/etc/passwd" concern me.

I also performed the migration on a stationary PC (also Tumbleweed), successfully.

Is anybody in the know whether I can proceed with step 10? If not, any ideas how the issues can be solved?

Some additional information, maybe of importance:

I have removed the nvidia service and all nvidia proprietary drivers.
The system is up to date, updated using zypper dup followed by a restart.

marel · March 1, 2025, 9:21am

Looks to me you missed what was written with Step 9:

fragraider · March 1, 2025, 9:40am

In other words, no errors, no problem? I can ignore the denied messages, including ones containing path="/etc/passwd"?

marel · March 1, 2025, 9:43am

I read the text different, time to open a bug.

fkrueger · March 1, 2025, 10:05am

Known issue: 1237534 – [SELinux] power-profiles-daemon is denied several file access

fragraider · March 1, 2025, 10:10am

Thank you @fkrueger, will stop creating my own bug and follow this one instead.

comraderachel · March 3, 2025, 8:51pm

I am also getting this error as well. Does this mean I should not do the last step of SELINUX=enforcing until this bug is patched? I want to make sure before I break my system.
Thank you

fkrueger · March 3, 2025, 9:54pm

This is at your own risk! I would stay with the permissive mode until the two bugs you have mentioned in Setup SELinux on existing Tumbleweed error messages are solved.