Bug ID 1210121
Summary SELinux possible missing policies for systemd-localed and systemd-hostnamed
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware All
OS openSUSE Tumbleweed
Status NEW
Severity Minor
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter khanich.opensource@gmx.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

tested on: openSUSE microOS Raspberry Pi 4

On a fresh install of microOS, systemd-localed and systemd-hostnamed can only
answer dbus calls via localectl and hostnamectl respectively if you run it as
root yourself.

If you let a script call them, localectl and hostnamectl time out and I get a
USER_AVC that systemd-localed and systemd-hostnamed got blocked.

If I add the policies "allow systemd_hostnamed_t initrc_t:dbus send_msg;" and
"allow systemd_localed_t initrc_t:dbus send_msg;" respectively, this doesn't
happen.

So, my question is, if it is intended that hostnamed and localed can't answer
or if that is unintended.

You are receiving this mail because: