On Tue, Jun 4, 2019 at 9:42 AM Steve Dickson <SteveD@xxxxxxxxxx> wrote:
> AVC avc: denied { sys_chroot } for pid=2919 comm="rpc.mountd" capability=18 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=capability permissive=0
This is an SELinux policy violation, nothing to do with systemd.
You're probably not seeing it when you run the daemon by hand because
the SELinux policy doesn't specify a transition in that case, so the
daemon doesn't end up running in the confined context.
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: systemd and chroot()
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: systemd and chroot()
- From: Matthew Garrett <mjg59@xxxxxxxxxx>
- Date: Tue, 4 Jun 2019 09:45:41 -0700
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <fe63bf24-c614-95a2-0971-4e0154950abb@RedHat.com>
- References: <fe63bf24-c614-95a2-0971-4e0154950abb@RedHat.com>
- Follow-Ups:
- Re: systemd and chroot()
- From: Steve Dickson
- Re: systemd and chroot()
- References:
- systemd and chroot()
- From: Steve Dickson
- systemd and chroot()
- Prev by Date: systemd and chroot()
- Next by Date: Re: systemd and chroot()
- Previous by thread: systemd and chroot()
- Next by thread: Re: systemd and chroot()
- Index(es):
 |