Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-45309

Allow systemd-hostnamed read the vsock device

XMLWordPrintable

    • selinux-policy-40.13.4-1.el10
    • None
    • None
    • sst_security_selinux
    • ssg_security
    • 19
    • None
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • x86_64
    • None

      The following denial appears on systemd v256 boot:

      type=PROCTITLE msg=audit(06/27/2024 09:12:41.729:64) : proctitle=/usr/lib/systemd/systemd-hostnamed
      type=SYSCALL msg=audit(06/27/2024 09:12:41.729:64) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f16367414e4 a2=O_RDONLY|O_CLOEXEC a3=0x0 items=0 ppid=1 pid=635 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-hostnam exe=/usr/lib/systemd/systemd-hostnamed subj=system_u:system_r:systemd_hostnamed_t:s0 key=(null)
      type=AVC msg=audit(06/27/2024 09:12:41.729:64) : avc: denied

      { read }

      for pid=635 comm=systemd-hostnam name=vsock dev="devtmpfs" ino=270 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=system_u:object_r:vsock_device_t:s0 tclass=chr_file permissive=0

            rhn-support-zpytela Zdenek Pytela
            yinchang0124 Chang Yin
            Zdenek Pytela Zdenek Pytela
            Milos Malik Milos Malik
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: