systemd: permit sysusers to create /etc/group
    audit[14480]: AVC avc:  denied  { create } for  pid=14480 comm="systemd-sysuser" name=".#group5f44baae46cc7c1d" scontext=unconfined_u:unconfined_r:systemd_sysusers_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
cgzones committed Nov 28, 2024
1 parent 6e54a2e commit 2765e7f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions policy/modules/system/systemd.te
Expand Up @@ -302,6 +302,8 @@ init_daemon_domain(systemd_sysctl_t, systemd_sysctl_exec_t)
type systemd_sysusers_t;
type systemd_sysusers_exec_t;
init_system_domain(systemd_sysusers_t, systemd_sysusers_exec_t)
# create /etc/group
domain_obj_id_change_exemption(systemd_sysusers_t)
role systemd_sysusers_roles types systemd_sysusers_t;

type systemd_tmpfiles_t;
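Review bot: The comment `# create /etc/group` above `domain_obj_id_change_exemption(systemd_sysusers_t)` does not say why an exemption is used instead of an allow rule. The AVC in the commit message has scontext `unconfined_u` and tcontext `system_u`, which suggests the create is blocked by the object identity-change constraint when sysusers is started from a user session, not by a missing type-enforcement permission. The exemption is not scoped to /etc/group: it applies to any object the domain is otherwise allowed to create or relabel, so it relies on the allow rules for systemd_sysusers_t, which are outside this hunk, staying narrow. I would word the comment as `# create /etc/group as system_u when run from a user session (object SELinux user differs from the process)`.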