When calling hostnamectl to set the hostname it needs sys_admin capability to actually set the hostname. Feb 13 11:47:14 localhost.localdomain systemd-hostnamed[7221]: Failed to set host name: Operation not permitted type=AVC msg=audit(1550058524.656:1988): avc: denied { sys_admin } for pid=7873 comm="systemd-hostnam" capability=21 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=system_u:system_r:systemd_hostnamed_t:s0 tclass=capability permissive=0 Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx> --- policy/modules/system/systemd.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 2b25a7d5..b88bf232 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -331,6 +331,8 @@ seutil_search_default_contexts(systemd_coredump_t) # Hostnamed policy # +allow systemd_hostnamed_t self:capability { sys_admin }; + kernel_read_kernel_sysctls(systemd_hostnamed_t) dev_read_sysfs(systemd_hostnamed_t) -- 2.20.1