search

fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0
156 stars 157 forks source link

Allow system dbusd service status systemd services #2081

Closed zpytela closed 2 months ago

zpytela commented 2 months ago

The commit addresses the following USER_AVC denial: Apr 14 03:33:32 hostname audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=81 path="/usr/lib/systemd/system/systemd-logind.service" cmdline="/usr/bin/dbus-broker-launch --scope system --audit" function="reply_unit_path" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service permissive=0 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

packit-as-a-service[bot] commented 2 months ago

Cockpit tests failed for commit de84c6d329ae1261dccb6567caba8e8109e47a20. @martinpitt, @jelly, @mvollmer please check.