search

fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0
161 stars 162 forks source link

Allow polkit status systemd services #2003

Closed zpytela closed 7 months ago

zpytela commented 7 months ago

The commit addresses the following USER_AVC denial: type=USER_AVC msg=audit(1705928748.141:203): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=114 gid=114 path="/usr/lib/systemd/system/user@.service" cmdline="/usr/lib/polkit-1/polkitd --no-debug" function="method_get_unit_by_pidfd" scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service permissive=0 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

packit-as-a-service[bot] commented 7 months ago

Cockpit tests failed for commit 04cff206d517f794d27fc8b57bdb3052fdd3594d. @martinpitt, @jelly, @mvollmer please check.

martinpitt commented 7 months ago

@zpytela FTR, we fixed the rawhide failures. Not sure why the tests don't re-run after your recent force push, perhaps long TF queues?