On 2/15/24 8:39 AM, Maurizio Lombardi wrote:
> If the systemd-modules service loads the target module, the credentials
> of that userspace process will be used to validate the access to the
> target db directory.
> selinux will prevent it, reporting an error like the following:
>
> kernel: audit: type=1400 audit(1676301082.205:4): avc: denied { read }
> for pid=1020 comm="systemd-modules" name="target" dev="dm-3"
> ino=4657583 scontext=system_u:system_r:systemd_modules_load_t:s0
> tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=0
>
> Fix the error by using the kernel credentials to access the db directory
>
Do you need something similar for the pr related dirs/files or how does
that work but not this?
