From: "Sugar, David" <dsugar@tresys.com>
To: "selinux-refpolicy@vger.kernel.org" <selinux-refpolicy@vger.kernel.org>
Subject: [PATCH 1/2] Interface with systemd_hostnamed over dbus to set hostname
Date: Tue, 15 Jan 2019 03:20:28 +0000
Message-ID: <20190115032018.28662-2-dsugar@tresys.com>
In-Reply-To: <20190115032018.28662-1-dsugar@tresys.com>
type=USER_AVC msg=audit(1547039052.040:558): pid=7159 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.hostname1 member=SetPrettyHostname dest=org.freedesktop.hostname1 spid=7563 tpid=7564 scontext=sysadm_u:sysadm_r:applyconfig_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_hostnamed_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1547039052.040:560): pid=7159 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.29 spid=7564 tpid=7563 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=sysadm_u:sysadm_r:applyconfig_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
policy/modules/system/systemd.if | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 9c70afc9..740b3a92 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -268,6 +268,27 @@ interface(`systemd_read_machines',`
allow $1 systemd_machined_var_run_t:file read_file_perms;
')
+########################################
+## <summary>
+## Send and receive messages from
+## systemd hostnamed over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`systemd_dbus_chat_hostnamed',`
+ gen_require(`
+ type systemd_hostnamed_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 systemd_hostnamed_t:dbus send_msg;
+ allow systemd_hostnamed_t $1:dbus send_msg;
+')
+
########################################
## <summary>
## allow systemd_passwd_agent to inherit fds
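Review bot: The summary comment for `systemd_dbus_chat_hostnamed` should state that the interface allows any D-Bus message exchange with systemd_hostnamed_t, not only the SetPrettyHostname call that appears in the denials. The rule `allow $1 systemd_hostnamed_t:dbus send_msg;` is checked per type, so it cannot be narrowed to a single interface member, and a domain given this interface can send every method call hostnamed exposes as far as SELinux is concerned. A sentence to that effect in the summary would help policy writers decide whether a caller should get it. The reverse rule `allow systemd_hostnamed_t $1:dbus send_msg;` matches the method_return denial and looks right. It would also help to say in the commit message which domain is expected to call this interface, since the patch adds no caller.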
--
2.20.1