Hi,
I stumbled on a case in RHEL7, where selinux blocks calls to systemd
I know it's SELinux, because everything work properly after setenforce 0
I added a simple manifest rules to puppet:
exec { 'update TZ':
command => "/bin/timedatectl set-timezone ${timezone}",
unless => "/bin/timedatectl status | /bin/grep -q ${timezone}",
}
what's interesting, even after I ran
semodule --disable_dontaudit --build
I don't see any denials.
But then I created a simple cron job :
# cat /etc/cron.d/debug
* * * * * root /bin/timedatectl status &> /tmp/timedatectl.status
# cat /tmp/timedatectl.status
Failed to issue method call: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
So it's not only puppet related.
Is this intended behavior? Some boolean I have to change?
Thanks,
Vadym
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
