diff options
author | Evgeny Vereshchagin <evvers@ya.ru> | 2016-01-31 12:59:35 +0000 |
---|---|---|
committer | Evgeny Vereshchagin <evvers@ya.ru> | 2016-01-31 14:19:15 +0000 |
commit | 61ea63f1ab7f47cc7490986748f3d240c06b54a5 (patch) | |
tree | 436f728669c718e99088130b945a6f6b9e71ab50 /man/nss-mymachines.xml | |
parent | 5c7290b1956453024fc14abba2385ea9e9bccf8c (diff) |
core: fix selinux check for reload
Fixes:
-bash-4.3# echo 1 >/sys/fs/selinux/enforce
-bash-4.3# runcon -t systemd_test_start_t systemctl start hola
-bash-4.3# sesearch --allow -s systemd_test_reload_t -c service
Found 1 semantic av rules:
allow systemd_test_reload_t systemd_unit_file_t : service reload ;
-bash-4.3# runcon -t systemd_test_reload_t systemctl reload hola
Failed to reload hola.service: Access denied
See system logs and 'systemctl status hola.service' for details.
-bash-4.3# journalctl -b | grep -i user_avc | grep reload
USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='
avc: denied { start } for auid=0 uid=0 gid=0 path="/etc/systemd/system/hola.service" cmdline="systemctl reload hola"
scontext=unconfined_u:unconfined_r:systemd_test_reload_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_unit_file_t:s0
tclass=service
See
https://fedoraproject.org/wiki/Features/SELinuxSystemdAccessControl#Documentation
Diffstat (limited to 'man/nss-mymachines.xml')
0 files changed, 0 insertions, 0 deletions