On Mon, 2019-02-18 at 15:15 +0000, Sugar, David wrote:
> init (systemd) needs to read /etc/hostname during boot
> to retreive the hostname to apply to the system.
>
> Feb 06 18:37:06 localhost.localdomain kernel: type=1400
> audit(1549478223.842:3): avc: denied { read } for pid=1
> comm="systemd" name="hostname" dev="dm-1" ino=1262975
> scontext=system_u:system_r:init_t:s0
> tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0
>
> Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx>
> ---
> policy/modules/system/init.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/policy/modules/system/init.te
> b/policy/modules/system/init.te
> index eabba1ed..735a3b81 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -409,6 +409,8 @@ ifdef(`init_systemd',`
> # lvm2-activation-generator checks file labels
> seutil_read_file_contexts(init_t)
>
> + sysnet_read_config(init_t)
> +
> systemd_getattr_updated_runtime(init_t)
> systemd_manage_passwd_runtime_symlinks(init_t)
> systemd_use_passwd_agent(init_t)
Merged.
--
Chris PeBenito
