Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-26147

timedatectl fails in timeout when executing from initrc_t context

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Normal Normal
    • None
    • rhel-9.5
    • selinux-policy
    • None
    • None
    • Moderate
    • rhel-sst-security-selinux
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      Executing timedatectl from a service running as initrc_t fails in timeout and produces a USER_AVC due to missing the (well-known) capability for DBUS to answer to requests:

      type=USER_AVC msg=audit(02/20/2024 14:03:16.615:646) : pid=795 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.116 spid=31737 tpid=31748 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus permissive=0  exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?'

      Please provide the package NVR for which bug is seen:

      selinux-policy-3.14.3-128.el8_9.1.noarch

      How reproducible:

      Always

      Steps to reproduce

      1. Start timedatectl in appropriate context 
        # systemd-run /bin/sh -c "timedatectl"

      Expected results

      Works

      Actual results

      Fails in timeout + USER_AVC

              rhn-support-zpytela Zdenek Pytela
              rhn-support-rmetrich Renaud Métrich
              Zdenek Pytela Zdenek Pytela
              SSG Security QE SSG Security QE
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: