RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-03-25 04:26:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow systemd-hostnamed to set the hostname

Browse Source 
When calling hostnamectl to set the hostname it needs sys_admin
capability to actually set the hostname.

Feb 13 11:47:14 localhost.localdomain systemd-hostnamed[7221]: Failed to set host name: Operation not permitted
type=AVC msg=audit(1550058524.656:1988): avc:  denied  { sys_admin } for  pid=7873 comm="systemd-hostnam" capability=21  scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=system_u:system_r:systemd_hostnamed_t:s0 tclass=capability permissive=0

Signed-off-by: Dave Sugar <dsugar@tresys.com>
This commit is contained in:
Sugar, David 2019-02-18 15:15:03 +00:00 committed by Chris PeBenito
parent 61d12f722d
commit b3cbf00cba
1 changed files with 2 additions and 0 deletions

2
policy/modules/system/systemd.te
View File

@ -331,6 +331,8 @@ seutil_search_default_contexts(systemd_coredump_t)
# Hostnamed policy
#
allow systemd_hostnamed_t self:capability { sys_admin };
kernel_read_kernel_sysctls(systemd_hostnamed_t)
dev_read_sysfs(systemd_hostnamed_t)