Allow init_t to read net_conf_t

init (systemd) needs to read /etc/hostname during boot
to retrieve the hostname to apply to the system.

Feb 06 18:37:06 localhost.localdomain kernel: type=1400 audit(1549478223.842:3): avc:  denied  { read } for  pid=1 comm="systemd" name="hostname" dev="dm-1" ino=1262975 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0

Signed-off-by: Dave Sugar <dsugar@tresys.com>
Sugar, David 2019-02-18 15:15:03 +00:00 committed by Chris PeBenito
parent 807cf71287
commit 61d12f722d
1 changed files with 2 additions and 0 deletions

@ -409,6 +409,8 @@ ifdef(`init_systemd',`
# lvm2-activation-generator checks file labels # lvm2-activation-generator checks file labels
seutil_read_file_contexts(init_t) seutil_read_file_contexts(init_t)
sysnet_read_config(init_t)
systemd_getattr_updated_runtime(init_t) systemd_getattr_updated_runtime(init_t)
systemd_manage_passwd_runtime_symlinks(init_t) systemd_manage_passwd_runtime_symlinks(init_t)
systemd_use_passwd_agent(init_t) systemd_use_passwd_agent(init_t)
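
Review bot: the added sysnet_read_config(init_t) line has no comment saying why init_t needs it, unlike the seutil_read_file_contexts(init_t) line just above, which carries the lvm2-activation-generator reason. Suggest a comment directly above it, for example "# systemd reads /etc/hostname at boot", so the rule can be traced back to the denial in the commit message. Per the commit title this opens all of net_conf_t to init_t, while the quoted AVC only shows a read on name="hostname", so the commit message should say that the wider scope is intended. The denial was also logged with permissive=0, so any permission needed after that first read would not have shown up yet; a boot in enforcing mode with this applied should confirm that no follow-up AVCs appear.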