audit fails to access the /proc filesystem, because /proc has SELinux type "unlabeled_t".

Reproducible: Always

Steps to Reproduce:
1. Set up Gentoo with systemd and SELinux
2. Boot

Actual Results:
You get the following denial:

[ 19.902620] audit: type=1400 audit(1663630933.439:3): avc: denied { mounton } for pid=1062 comm="(auditd)" path="/run/systemd/unit-root/proc" dev="dm-3" ino=67581 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1

Expected Results:
/proc should have SELinux type "proc_t".

With help from user grift on the Libera IRC #selinux channel, I relabeled "/proc":

# Credits: grift :)
❯ echo '(filecon "/proc" dir (system_u object_r proc_t ((s0)(s0)))) (allow proc_t fs_t (filesystem (associate))) (typeattributeset mountpoint proc_t)' > my_proc.cil
❯ semodule -i my_proc.cil
❯ export tmpdir="$(mktemp -d)" && mount --bind / "$tmpdir" && chcon system_u:object_r:proc_t:s0 "$tmpdir"/proc && umount "$tmpdir" && echo -e "\e[1;32mSUCCESS\e[0m"
(Aside: we may want to add proc to https://wiki.gentoo.org/wiki/SELinux/Installation#Setting_file_system_contexts)
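Added example, not part of the bug report: a small POSIX sh helper that pulls the target type out of an AVC denial record like the one above (the SAMPLE line is constructed from it) and reads the live label on /proc, so an "unlabeled_t" mountpoint can be spotted before and verified after the relabel. The function names avc_field, avc_tcontext_type, needs_relabel and check_proc_label are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the bug report). SAMPLE is a constructed copy of
# the denial shown in the report.
SAMPLE='[   19.902620] audit: type=1400 audit(1663630933.439:3): avc:  denied  { mounton } for  pid=1062 comm="(auditd)" path="/run/systemd/unit-root/proc" dev="dm-3" ino=67581 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1'

# avc_field LINE KEY -> prints the value of KEY=... from an AVC record.
# The leading whitespace anchor keeps "scontext=" from matching "tcontext".
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# avc_tcontext_type LINE -> the type (third colon-separated field) of tcontext,
# e.g. unlabeled_t for the report's denial.
avc_tcontext_type() {
    avc_field "$1" tcontext | cut -d: -f3
}

# needs_relabel LINE -> succeeds when the denied object carries unlabeled_t,
# i.e. the filesystem context was never set and a filecon/chcon is needed.
needs_relabel() {
    [ "$(avc_tcontext_type "$1")" = "unlabeled_t" ]
}

# check_proc_label -> the SELinux type currently on /proc, or "unknown" when
# the kernel/stat has no SELinux context to report. After the relabel in the
# report this should print proc_t.
check_proc_label() {
    ctx=$(stat -c %C /proc 2>/dev/null) || ctx='?'
    case "$ctx" in
        '?'|'') echo unknown ;;
        *)      printf '%s\n' "$ctx" | cut -d: -f3 ;;
    esac
}

# Usage: report on the sample denial and on the live system.
if needs_relabel "$SAMPLE"; then
    echo "denial targets $(avc_field "$SAMPLE" path): object is unlabeled_t"
fi
echo "/proc is currently labeled: $(check_proc_label)"
```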