My system was no longer able to boot after installing selinux-policy-40.22-1 because systemd couldn't decrypt my extra disks as the systemd-cryptsetup-generator failed to create the units for them.
systemd-cryptsetup-generator[1119]: Failed to generate keydev mount unit: Permission denied
kernel: audit: type=1400 audit(1718826964.334:4): avc: denied { write } for pid=1119 comm="systemd-cryptse" name="systemd" dev="tmpfs" ino=845 scontext=system_u:system_r:systemd_cryptsetup_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=0
(sd-exec-[1112]: /usr/lib/systemd/system-generators/systemd-cryptsetup-generator failed with exit status 1.
Obviously systemd-cryptsetup-generator should be allowed to write where it needs to, I guess /run/systemd/generator/ and /run/systemd/cryptsetup looking at the file paths after a successful boot but I am not sure if there is more.
My system was no longer able to boot after installing selinux-policy-40.22-1 because systemd couldn't decrypt my extra disks as the systemd-cryptsetup-generator failed to create the units for them.
Obviously systemd-cryptsetup-generator should be allowed to write where it needs to, I guess
/run/systemd/generator/
and/run/systemd/cryptsetup
looking at the file paths after a successful boot but I am not sure if there is more.