- Bug
- Resolution: Done-Errata
- Normal
- rhel-8.8.0
- selinux-policy-3.14.3-136.el8
- Moderate
- rhel-security-selinux
- ssg_security
- 25
- 26
- QE ack
- False
- False
- No
- Red Hat Enterprise Linux
- Release Note Not Required
What were you trying to do that didn't work?
Keepalived scripts running in the `keepalived_unconfined_script_t` SELinux domain cannot execute `systemctl` commands.
There is no rule in the policy that allows `systemd` (running as `init_t`) to send the result back to the keepalived script (running as `keepalived_unconfined_script_t`).
Please provide the package NVR for which the bug is seen:
selinux-policy-3.14.3-128.el8_9.1.noarch
How reproducible:
keepalived with a health-check script that checks `systemctl status`
Temporary solution:
https://access.redhat.com/solutions/7053361
Expected results:
systemd is able to send the result back to the keepalived script (running as `keepalived_unconfined_script_t`)
Actual results:
A USER_AVC involving `init_t` and `keepalived_unconfined_script_t` is seen in the audit.log:
type=USER_AVC msg=audit(01/16/2024 14:39:57.358:4406319) : pid=2242023 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.856978 spid=1 tpid=325533 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:keepalived_unconfined_script_t:s0 tclass=dbus permissive=0 exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?'
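The denial above is logged by dbus-daemon as a USER_AVC record, with the actual denial nested inside the quoted `msg='avc: ...'` field, so a plain key=value split of the line misses it. The following is an added example (not from the bug report or from the selinux-policy project) that parses such records and flags the exact signature described here: an enforced `send_msg` denial of a `method_return` from `init_t` to `keepalived_unconfined_script_t`, which is what makes `systemctl` in the health-check script fail even though its request reached systemd. The first sample record is the one from the report; the other two records, and the function names, are constructed for the example.

```python
import re

# Constructed audit.log excerpt. Record 1 is the USER_AVC from the bug report; record 2
# (a permissive-mode method_call in the other direction) and record 3 (a SYSCALL record)
# are constructed to show what the detector must skip.
SAMPLE_AUDIT = """\
type=USER_AVC msg=audit(01/16/2024 14:39:57.358:4406319) : pid=2242023 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.856978 spid=1 tpid=325533 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:keepalived_unconfined_script_t:s0 tclass=dbus permissive=0 exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(01/16/2024 14:40:01.001:4406320) : pid=2242023 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call dest=org.freedesktop.systemd1 spid=325533 tpid=1 scontext=system_u:system_r:keepalived_unconfined_script_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus permissive=1 exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?'
type=SYSCALL msg=audit(01/16/2024 14:40:02.000:4406321) : arch=x86_64 syscall=execve success=yes exit=0
"""

KV_RE = re.compile(r"(\w+)=('[^']*'|\S+)")                     # key=value or key='quoted value'
PERMS_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")   # the "{ perm ... }" set
STAMP_RE = re.compile(r"msg=audit\(([^)]*)\)")                 # the audit(...) timestamp


def selinux_type(context):
    """Return the type (third field) of a user:role:type:level SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_user_avc(line):
    """Parse one USER_AVC record into a flat dict; return None for any other record type.

    The outer record is key=value pairs. dict() keeps the last value for a repeated key,
    so the quoted msg='avc: ...' field wins over the earlier msg=audit(...) token, and
    that inner string is then parsed a second time for the denial's own fields.
    """
    if not line.startswith("type=USER_AVC"):
        return None
    outer = dict(KV_RE.findall(line))
    inner = outer.get("msg", "").strip("'")
    if not inner.startswith("avc:"):
        return None
    perms = PERMS_RE.search(inner)
    stamp = STAMP_RE.search(line)
    record = {
        "timestamp": stamp.group(1) if stamp else None,
        "perms": set(perms.group(1).split()) if perms else set(),
    }
    record.update(KV_RE.findall(inner))   # msgtype, dest, spid, tpid, scontext, tcontext, tclass, ...
    record["source_type"] = selinux_type(record.get("scontext", ""))
    record["target_type"] = selinux_type(record.get("tcontext", ""))
    record["enforced"] = record.get("permissive") == "0"   # permissive=0 means the denial was enforced
    return record


def is_blocked_dbus_reply(record, source_type="init_t",
                          target_type="keepalived_unconfined_script_t"):
    """True when an enforced dbus send_msg denial stops a method_return from source_type
    reaching target_type: the caller's request was delivered, but the reply was not.
    """
    return (
        record.get("tclass") == "dbus"
        and "send_msg" in record["perms"]
        and record.get("msgtype") == "method_return"
        and record["source_type"] == source_type
        and record["target_type"] == target_type
        and record["enforced"]
    )


def scan_audit_log(text):
    """Return (all parsed USER_AVC records, the subset matching the blocked-reply signature)."""
    records = [r for r in (parse_user_avc(line) for line in text.splitlines()) if r]
    return records, [r for r in records if is_blocked_dbus_reply(r)]


if __name__ == "__main__":
    records, hits = scan_audit_log(SAMPLE_AUDIT)
    for r in hits:
        print(f"{r['timestamp']}: {r['source_type']} -> {r['target_type']} "
              f"denied {sorted(r['perms'])} on {r['msgtype']} (enforcing)")
```

Only the `method_return` direction with `permissive=0` is reported, because that is the failure mode in this bug: the script's `method_call` to systemd is allowed, the answer is dropped, and from the script's point of view `systemctl` errors out or times out without any denial on the script's own side. Running the same scan after the policy update should return no hits for that pair of domains.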
Links to: RHBA-2023:121335 selinux-policy bug fix and enhancement update