fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0

Allow systemd (PID 1) manage systemd conf files #2152

Closed zpytela closed 4 weeks ago

zpytela commented 4 weeks ago

Denials are triggered when "systemctl set-property --runtime" is used.

The commit addresses the following AVC denial:

type=AVC msg=audit(06/03/2024 05:40:08.117:543) : avc: denied { create } for pid=1 comm=systemd name=.#50-CPUQuota.conf02880077955bce25 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_conf_t:s0 tclass=file permissive=0

Resolves: rhbz#2284157

packit-as-a-service[bot] commented 4 weeks ago

Cockpit tests failed for commit eed536c75c9a516c673dd546f2d74229171942c6. @martinpitt, @jelly, @mvollmer please check.

martinpitt commented 4 weeks ago

@zpytela something in rawhide broke ABRT and changed tuned. These are high on our list to investigate. Unfortunately there are a lot of other OS regressions on that list too, so it'll take a bit. So please ignore here, the test looks fine.

zpytela commented 4 weeks ago

Thanks, Martin.