SELinux is preventing /usr/lib/systemd/systemd-sleep from open access on the blk_file /dev/dm-1. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd-sleep should be allowed open access on the dm-1 blk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd-sleep' --raw | audit2allow -M my-systemdsleep # semodule -X 300 -i my-systemdsleep.pp Additional Information: Source Context system_u:system_r:systemd_sleep_t:s0 Target Context system_u:object_r:fixed_disk_device_t:s0 Target Objects /dev/dm-1 [ blk_file ] Source systemd-sleep Source Path /usr/lib/systemd/systemd-sleep Port Host testpcr10 Source RPM Packages systemd-udev-256-4.el10.x86_64 Target RPM Packages SELinux Policy RPM selinux-policy-targeted-40.13.5-1.el10.noarch Local Policy RPM selinux-policy-targeted-40.13.5-1.el10.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name testpcr10 Platform Linux testpcr10 6.10.0-15.el10.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Jul 16 15:09:34 EDT 2024 x86_64 Alert Count 3 First Seen 2024-07-18 13:12:54 CEST Last Seen 2024-07-18 13:29:56 CEST Local ID a1f65635-4aa5-479f-99da-ad562b23543b Raw Audit Messages type=AVC msg=audit(1721302196.561:108): avc: denied { open } for pid=4354 comm="systemd-sleep" path="/dev/dm-1" dev="devtmpfs" ino=560 scontext=system_u:system_r:systemd_sleep_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0 type=SYSCALL msg=audit(1721302196.561:108): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffff9c a1=5594c15cba60 a2=80900 a3=0 items=0 ppid=1 pid=4354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-sleep exe=/usr/lib/systemd/systemd-sleep subj=system_u:system_r:systemd_sleep_t:s0 key=(null) Hash: systemd-sleep,systemd_sleep_t,fixed_disk_device_t,blk_file,open