Additional access for systemctl · dsugar100/refpolicy@db636a3

Commit

Additional access for systemctl

Nov 26 16:23:29 localhost.localdomain audisp-syslog[1662]: node=localhost type=AVC msg=audit(1701015809.183:8712): avc:  denied  { search } for  pid=2071 comm="systemctl" name="kernel" dev="proc" ino=5 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir permissive=1
Nov 26 16:23:29 localhost.localdomain audisp-syslog[1662]: node=localhost type=AVC msg=audit(1701015809.183:8712): avc:  denied  { read } for  pid=2071 comm="systemctl" name="cap_last_cap" dev="proc" ino=65 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=1
Nov 26 16:23:29 localhost.localdomain audisp-syslog[1662]: node=localhost type=AVC msg=audit(1701015809.183:8712): avc:  denied  { open } for  pid=2071 comm="systemctl" path="/proc/sys/kernel/cap_last_cap" dev="proc" ino=65 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=1

Signed-off-by: Dave Sugar <[email protected]>

Loading branch information

dsugar100 committed Dec 10, 2023

1 parent fe6723a commit db636a3

policy/modules/system/systemd.if

-Original file line number
+Diff line change
@@ Expand Up / @@ -2512,6 +2512,8 @@ interface(`systemd_exec_systemctl',` @@
     	init_stream_connect($1)
     	init_telinit($1)
     	init_dbus_chat($1)
+    	kernel_read_kernel_sysctls($1)
     ')
     #######################################
@@ Expand Down @@

0 comments on commit `db636a3`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `db636a3`

Commit

There are no files selected for viewing

0 comments on commit db636a3

0 comments on commit `db636a3`