RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-04-01 22:58:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

sysadm: allow using hostnamectl

Browse Source 
Command "hostnamectl" communicates with systemd_hostnamed_t through
DBUS:

    type=USER_AVC msg=audit(1576535282.679:345): pid=285 uid=81
    auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
    msg='avc:  denied  { send_msg } for msgtype=method_call
    interface=org.freedesktop.DBus.Properties member=GetAll
    dest=org.freedesktop.hostname1 spid=1449 tpid=1450
    scontext=sysadm_u:sysadm_r:sysadm_t
    tcontext=system_u:system_r:systemd_hostnamed_t tclass=dbus
    permissive=1  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=?
    terminal=?'

    type=USER_AVC msg=audit(1576535282.683:347): pid=285 uid=81
    auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t
    msg='avc:  denied  { send_msg } for msgtype=method_return
    dest=:1.269 spid=1450 tpid=1449
    scontext=system_u:system_r:systemd_hostnamed_t
    tcontext=sysadm_u:sysadm_r:sysadm_t tclass=dbus permissive=1
    exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2019-12-22 17:26:34 +01:00
parent 17f06cf1fe
commit b1566c1966
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 4 additions and 0 deletions

4
policy/modules/roles/sysadm.te
View File

@ -1102,6 +1102,10 @@ optional_policy(`
sysstat_admin(sysadm_t, sysadm_r)
')
optional_policy(`
systemd_dbus_chat_hostnamed(sysadm_t)
')
optional_policy(`
tboot_run_txtstat(sysadm_t, sysadm_r)
')