Bug
Resolution: Duplicate
rhel-9.4
rhel-sst-security-selinux
ssg_security
What were you trying to do that didn't work?
Add systemd-notify to a systemd service file.
Please provide the package NVR for which bug is seen:
How reproducible:
Always
Steps to reproduce
- Convert unit file to Type=notify
- Add systemd-notify --status "${request}ing backup rsync..." to service script
Expected results
systemd-notify works as per systemd instructions
Actual results
Service fails as follows:
May 22 16:49:01 arnie.example.com /usr/libexec/device-timer/backup-rsync[2952708]: Failed to notify init system: Permission denied
May 22 16:49:01 arnie.example.com systemd[1]: backup-rsync@blackadder-boot.service: Main process exited, code=exited, status=1/FAILURE
SELinux fail:
type=AVC msg=audit(1716392340.982:19212): avc: denied { sendto } for pid=2952681 comm="systemd-notify" path="/run/systemd/notify" scontext=system_u:system_r:systemd_notify_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=0
Was caused by: Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
- duplicates RHEL-25514 AVC "sendto" when executing systemd-notify from a service unit [rhel-9] (Closed)
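To triage the denial in the report above, the following added example (not part of the original report and not Red Hat tooling) parses the AVC record and renders the type-enforcement rule the message says is missing. The function names are hypothetical, and the rendered rule is for reviewing which access was requested, not a recommended policy change.

```python
import re

# AVC record copied from the report above (the audit2why trailer is left out).
AVC = ('type=AVC msg=audit(1716392340.982:19212): avc: denied { sendto } for '
       'pid=2952681 comm="systemd-notify" path="/run/systemd/notify" '
       'scontext=system_u:system_r:systemd_notify_t:s0 '
       'tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=0')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC audit record into a dict; return None if it is not an AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may contain further colons.
    for key in ('scontext', 'tcontext'):
        rec[key + '_type'] = rec[key].split(':', 3)[2]
    return rec


def candidate_rule(rec):
    """Render the TE allow rule that corresponds to the denial, for review only."""
    perms = rec['perms']
    perm_s = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        rec['scontext_type'], rec['tcontext_type'], rec['tclass'], perm_s)


def enforced(rec):
    """True when the denial actually blocked the call (permissive=0)."""
    return rec['result'] == 'denied' and rec.get('permissive', '0') == '0'


if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(rec['comm'], '->', rec['path'],
          'enforced' if enforced(rec) else 'logged only')
    print(candidate_rule(rec))
```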