
Systemd update causes SELinux to deny cockpit.socket when updating the MOTD

Open jeepingben opened this issue 2 years ago • 10 comments

A recent systemd update (either systemd-239-74.0.5.el8_8.5.x86_64.rpm or systemd-239-74.0.6.el8_8.5.x86_64.rpm) results in SELinux denials when starting cockpit. This prevents cockpit.socket's ExecStartPost script from getting the correct listening port when updating the MOTD. This is a pretty tiny effect and I only noticed because of the new denials.

Steps to reproduce:

1. Clean install of OL8 that includes cockpit
2. `sudo systemctl start cockpit`
3. `sudo ausearch -m avc`

You can stop it from happening by downgrading to systemd-239-74.0.4.el8_8.3.x86_64.rpm and rebooting.

jeepingben avatar Nov 08 '23 21:11 jeepingben

@AmedeeBulle - Our contact at Oracle recommended I ping you about this issue. Can you get someone to take a look at it?

Is this issues page the replacement for bugzilla.oracle.com?

jeepingben avatar Nov 14 '23 20:11 jeepingben

I'll report this internally

AmedeeBulle avatar Nov 15 '23 12:11 AmedeeBulle

Cannot be reproduced with systemd-239-78.0.1.el8.x86_64 (actual latest).

scoter-oracle avatar Feb 02 '24 13:02 scoter-oracle

I am still seeing this with:

Name    : systemd
Version : 239
Release : 78.0.3.el8

I just confirmed again by doing a fresh net install of OL8.9. After install, I ran `systemctl enable --now cockpit.socket`, logged out, logged back in, ran `ausearch -m avc` and got the same denial.

jeepingben avatar Feb 08 '24 15:02 jeepingben