Rocky Linux 10 logs SELinux AVCs for systemd BPF operations during container startup due to incomplete SELinux policy coverage. These AVCs occur in permissive mode, are reproducible without Ceph, and do not indicate functional failure. Tests should ignore this specific AVC class while continuing to fail on enforced denials.
Signed-off-by: David Galloway <david.galloway@ibm.com>
(cherry picked from commit
25411d57c69fdebbf85c4cc4d6bb375e1e2a614a)
os_type: rocky
os_version: "10.1"
+overrides:
+ selinux:
+ allowlist:
+ - 'comm="systemd".*denied.*\{ prog_run \}.*tclass=bpf.*permissive=1'