Skip to content

SELinux Enforcing stops systemd service from starting #1606

New issue
New issue
Closed as not planned
#1607
Closed as not planned
SELinux Enforcing stops systemd service from starting#1606
#1607
Labels
Runner BugBug fix scope to the runnerStalebugSomething isn't working
@krayon

Description

@krayon
krayon
opened on Jan 13, 2022

Describe the bug

When SELinux is Enforcing, scripts started by systemd need the initrc_exec_t context set. It is not currently.

To Reproduce

Steps to reproduce the behavior:

  1. Have SELinux Enforcing;

  2. Add a runner;

  3. Run ./svc.sh install

  4. Observe that systemd failed to start the script:

    sudo grep -i denied /var/log/audit/audit.log|grep -i svc|tail -1|fold -s
    type=AVC msg=audit(1642053001.589:304): avc:  denied  { execute } for  
pid=14114 comm="(unsvc.sh)" name="runsvc.sh" dev="vda1" ino=25325969 
scontext=system_u:system_r:init_t:s0 
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Expected behavior

  • systemd should be able to start the script.

Runner Version and Platform

  • Version: 2.278
  • OS: Linux (x64)

/cc: @mikedalton

Metadata

Metadata

Assignees

No one assigned

    Labels

    Runner BugBug fix scope to the runnerStalebugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions