1543049 – SELinux does not allow systemd to create a UNIX socket

Bug 1543049 - SELinux does not allow systemd to create a UNIX socket

Summary: SELinux does not allow systemd to create a UNIX socket

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	26
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-07 15:56 UTC by Nicki Křížek
Modified:	2018-03-12 09:15 UTC (History)
CC List:	5 users (show)
Fixed In Version:	selinux-policy-3.13.1-283.26.fc27
Clone Of:
Environment:
Last Closed:	2018-03-12 09:15:34 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nicki Křížek 2018-02-07 15:56:28 UTC

Description of problem:
When using systemd to create a UNIX socket while starting a service (via Sockets= in service file), selinux doesn't allow the UNIX socket to be created.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-283.24.fc27.noarch

How reproducible:
always

Expected results:
selinux should allow systemd to create and use a UNIX socket


Additional info:
audit2allow output:

#============= init_t ==============
allow init_t unconfined_service_t:unix_stream_socket { bind create listen setopt };

Note You need to log in before you can comment on or make changes to this bug.