Bug 1594478 - SELinux is preventing systemd from 'passwd_file_t' write
Keywords:
Status: CLOSED DUPLICATE of bug 1559281
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-06-23 12:40 UTC by Marcin Skarbek
Modified: 2018-07-03 08:52 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-07-03 08:52:05 UTC
Type: Bug
Embargoed:



Description Marcin Skarbek 2018-06-23 12:40:53 UTC
Description of problem:
SELinux denies access to the passwd file, which conflicts with the 'DynamicUser' service option. That causes a failure during the start of a unit that uses 'DynamicUser'.

Version-Release number of selected component (if applicable):
systemd: 239-1
selinux-policy: 3.14.2-25

How reproducible:
Every time.

Steps to Reproduce:
1. Enable unit with configured 'DynamicUser' - systemd-networkd in my case.

Actual results:
Unit fails to start.

Expected results:
Unit starts correctly.

Additional info:
Used workaround:
# ausearch -c '(networkd)' --raw|audit2allow -M init-passwd
# semodule -X 300 -i init-passwd.pp

# cat init-passwd.te 

module init-passwd 1.0;

require {
	type init_t;
	type passwd_file_t;
	class file write;
}

#============= init_t ==============
allow init_t passwd_file_t:file write;
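
How denial records map to an allow rule like the one in the workaround above, as an added example that is not part of the original report and is not audit2allow's own code: it parses AVC records, collapses them into allow rules, and flags rules whose target type is on a review list before anyone loads the module. The sample log lines, the demo_t domain and the REVIEW_TYPES list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log AVC format (not taken from the report).
SAMPLE_LOG = """\
type=AVC msg=audit(1529757653.101:201): avc:  denied  { write } for  pid=1 comm="(networkd)" name="passwd" dev="dm-0" ino=1311 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1529757653.102:202): avc:  denied  { write } for  pid=1 comm="(networkd)" name="passwd" dev="dm-0" ino=1311 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
type=AVC msg=audit(1529757700.000:210): avc:  denied  { read open } for  pid=812 comm="demo" name="demo.conf" dev="dm-0" ino=2001 scontext=system_u:system_r:demo_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption: target types a reviewer wants a human to look at before loading a module.
REVIEW_TYPES = {"passwd_file_t", "shadow_t"}

def selinux_type(context):
    # A context is user:role:type:level; the type is the third field.
    return context.split(":")[2]

def rules_from_denials(log_text):
    """Collapse AVC denials into {(source, target, class): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Return (rule_text, needs_review) pairs in .te allow-rule syntax."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append((f"allow {src} {tgt}:{cls} {perm_text};", tgt in REVIEW_TYPES))
    return out

if __name__ == "__main__":
    for rule, flagged in render(rules_from_denials(SAMPLE_LOG)):
        print(("REVIEW  " if flagged else "        ") + rule)
```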

Comment 1 Lukas Vrabec 2018-07-03 08:52:05 UTC

*** This bug has been marked as a duplicate of bug 1559281 ***
