On Tue, Jul 19, 2022, at 12:24 PM, Lennart Poettering wrote:
>
> by something like this:
>
> <snip>
> ExecStart=/usr/bin/systemd-tmpfiles --create -
> StandardInputText=f /run/sysctl.d/01-coreos-printk.conf - - - - kernel.printk 4
> </snip>
>
> Benefits: no shell, single process forked, no explicit selinux stuff,
> or explicit mkdir, and other MACs will be honoured too if they exist.

Unfortunately doesn't work today since:

[ 243.300955] audit: type=1400 audit(1658251774.506:317): avc: denied { getattr } for pid=1801 comm="systemd-sysctl" path="/run/sysctl.d/01-coreos-printk.conf" dev="tmpfs" ino=934 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1

But yes, I will look at getting that added to policy.

(FTR there was also a missing `=` in the sysctl text)
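
For readers decoding the denial quoted in the message above, this added example (not part of the original message, and not code from Fedora or systemd) parses the kernel AVC record into its source domain, target label, object class and permission. The function names `parse_avc` and `summarize` are hypothetical.

```python
import re
import shlex

# The denial quoted in the message above, copied verbatim from the page.
AVC_LINE = (
    '[ 243.300955] audit: type=1400 audit(1658251774.506:317): avc: denied '
    '{ getattr } for pid=1801 comm="systemd-sysctl" '
    'path="/run/sysctl.d/01-coreos-printk.conf" dev="tmpfs" ino=934 '
    'scontext=system_u:system_r:systemd_sysctl_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')


def parse_avc(line):
    """Return the fields of one kernel AVC message as a dict, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    result, perms, rest = m.groups()
    # shlex keeps quoted values (comm, path) intact even if they hold spaces.
    fields = dict(tok.split('=', 1) for tok in shlex.split(rest) if '=' in tok)
    for key in ('scontext', 'tcontext'):
        # SELinux contexts are user:role:type:level; the level may contain ':'.
        user, role, typ, level = fields[key].split(':', 3)
        fields[key] = {'user': user, 'role': role, 'type': typ, 'level': level}
    fields['result'] = result
    fields['perms'] = perms.split()
    # True only when the record says permissive=0; with permissive=1 the
    # access was logged but not blocked.
    fields['enforced'] = fields.get('permissive') == '0'
    return fields


def summarize(avc):
    """One-line summary: who was checked, for what, on which labelled object."""
    return '{} ({}) {} {{ {} }} on {} labelled {} ({}), enforced={}'.format(
        avc['comm'], avc['scontext']['type'], avc['result'],
        ' '.join(avc['perms']), avc['path'], avc['tcontext']['type'],
        avc['tclass'], avc['enforced'])


if __name__ == '__main__':
    print(summarize(parse_avc(AVC_LINE)))
```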