Fix systemd-homed blobs directory permissions #2379
Merged
Commits on Oct 20, 2024
-
Fix systemd-homed blobs directory permissions
Oct 08 18:42:47 fedora audit[911]: AVC avc: denied { write } for pid=911 comm="systemd-homed" name="home" dev="sda3" ino=196819 scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[911]: AVC avc: denied { add_name } for pid=911 comm="systemd-homed" name="rich" scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[911]: AVC avc: denied { create } for pid=911 comm="systemd-homed" name="rich" scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { write } for pid=3061 comm="systemd-homewor" name="home" dev="sda3" ino=196819 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { add_name } for pid=3061 comm="systemd-homewor" name=".#rich7c61b494c6f1bd9c" scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { create } for pid=3061 comm="systemd-homewor" name=".#rich7c61b494c6f1bd9c" scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { write } for pid=3061 comm="systemd-homewor" path=2F7661722F63616368652F73797374656D642F686F6D652F2E2372696368376336316234393463366631626439632F23343535323835202864656C6574656429 dev="sda3" ino=455285 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=file permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { setattr } for pid=3061 comm="systemd-homewor" name="#455285" dev="sda3" ino=455285 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=file permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { link } for pid=3061 comm="systemd-homewor" name="#455285" dev="sda3" ino=455285 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=file permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { remove_name } for pid=3061 comm="systemd-homewor" name=".#rich7c61b494c6f1bd9c" dev="sda3" ino=455284 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { rename } for pid=3061 comm="systemd-homewor" name=".#rich7c61b494c6f1bd9c" dev="sda3" ino=455284 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:42:47 fedora audit[3061]: AVC avc: denied { rmdir } for pid=3061 comm="systemd-homewor" name="rich" dev="sda3" ino=455283 scontext=system_u:system_r:systemd_homework_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:44:56 fedora audit[911]: AVC avc: denied { remove_name } for pid=911 comm="systemd-homed" name="avatar" dev="sda3" ino=455285 scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1 Oct 08 18:44:56 fedora audit[911]: AVC avc: denied { unlink } for pid=911 comm="systemd-homed" name="avatar" dev="sda3" ino=455285 scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=file permissive=1 Oct 08 18:44:56 fedora audit[911]: AVC avc: denied { rmdir } for pid=911 comm="systemd-homed" name="rich" dev="sda3" ino=455284 scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:systemd_homed_cache_t:s0 tclass=dir permissive=1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.