Open dustymabe opened 4 years ago
@dustymabe, files in /run/sysctl.d are not generic runtime files, but it is questionable which context is the right one according to the current policy state:
```
# matchpathcon /etc/sysctl.conf /etc/sysctl.d/a.conf /usr/lib/sysctl.d/a.conf
/etc/sysctl.conf	system_u:object_r:system_conf_t:s0
/etc/sysctl.d/a.conf	system_u:object_r:etc_t:s0
/usr/lib/sysctl.d/a.conf	system_u:object_r:lib_t:s0
```
I am just afraid that changing the context for all of them to match could cause trouble.
Is there anyone that would know better that we could ask?
@zpytela - should we ask Lukas or Dan maybe?
Hi @dustymabe,
If you relabel `/run/sysctl.d` to `etc_t`:
```
# chcon -t etc_t /run/sysctl.d/
```
it should fix your issue.
Do you have an existing bugzilla ticket for this issue?
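Added example, not part of this issue thread or of selinux-policy: a small shell helper that compares the context a path actually carries (`stat -c %C`) with the one the loaded policy's file_contexts would assign (`matchpathcon -n`), plus the persistent form of the relabel suggested above. The function names and the tmpfiles.d file name `sysctl-run.conf` are assumptions; the context strings follow the `matchpathcon` output earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the issue or from selinux-policy): audit the label
# on a path against the policy default, and persist an etc_t label for
# /run/sysctl.d. Function and file names below are assumptions.
set -u

# Extract the type field of an SELinux context string,
# e.g. system_u:object_r:var_run_t:s0 -> var_run_t
ctx_type() {
    ctx=$1
    ctx=${ctx#*:}           # drop SELinux user
    ctx=${ctx#*:}           # drop role
    printf '%s\n' "${ctx%%:*}"   # keep type, drop MLS/MCS range if present
}

# Compare the type of an actual context with the type of an expected one.
# Prints a one-line verdict; returns 0 on match, 1 on mismatch.
label_matches() {
    path=$1; actual=$2; expected=$3
    a=$(ctx_type "$actual")
    e=$(ctx_type "$expected")
    if [ "$a" = "$e" ]; then
        printf '%s: OK (%s)\n' "$path" "$a"
        return 0
    fi
    printf '%s: MISMATCH actual=%s expected=%s\n' "$path" "$a" "$e"
    return 1
}

# Live check; needs GNU stat and matchpathcon (libselinux-utils).
# stat -c %C prints the context stored on the inode, matchpathcon -n prints
# the context file_contexts would assign to that path. Returns 2 if either
# tool is unavailable or the path does not exist.
audit_path() {
    p=$1
    actual=$(stat -c %C "$p" 2>/dev/null) || return 2
    expected=$(matchpathcon -n "$p" 2>/dev/null) || return 2
    label_matches "$p" "$actual" "$expected"
}

# Persistent relabel, run as root. A bare chcon on /run/sysctl.d is lost at
# the next boot because /run is a tmpfs. Registering the pattern with
# semanage makes restorecon (and systemd-tmpfiles, which labels what it
# creates from file_contexts) apply etc_t; the tmpfiles.d entry makes sure
# the directory exists at boot before anything drops files into it.
persist_etc_t_for_run_sysctl_d() {
    pattern='/run/sysctl\.d(/.*)?'
    # -a fails if a local record already exists; fall back to modifying it.
    semanage fcontext -a -t etc_t "$pattern" 2>/dev/null \
        || semanage fcontext -m -t etc_t "$pattern" || return 1
    printf 'd /run/sysctl.d 0755 root root -\n' > /etc/tmpfiles.d/sysctl-run.conf
    systemd-tmpfiles --create /etc/tmpfiles.d/sysctl-run.conf || return 1
    restorecon -Rv /run/sysctl.d
}

# Usage: sh this-script.sh /run/sysctl.d /run/sysctl.d/a.conf
if [ $# -gt 0 ]; then
    rc=0
    for p; do
        audit_path "$p" || rc=1
    done
    exit "$rc"
fi
```

`matchpathcon -V /run/sysctl.d` performs the same comparison in a single call and is enough for an interactive check; the helper is for scripted use where you want the verdict and the two types separately. The persistent relabel only changes what the directory and files under it are labeled; whether `systemd-sysctl` should instead be allowed to read `var_run_t` is the policy question the thread is about and is not settled by this workaround.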
I'm creating a file in `/run/sysctl.d` to be picked up by `systemd-sysctl` and it's failing with an SELinux denial. On Fedora 32:

Should we update the policy to allow `systemd-sysctl` to read `var_run_t`, or update the policy such that files created under `/run/sysctl.d` get a different file context by default?