[DSE-Dev] Bug#1090966: "Could not create manager: Permission denied" maybe selinux related (also affects systemd-timesyncd)

Antonio Russo aerusso at aerusso.net
Sun Dec 22 12:16:57 GMT 2024


On 12/21/24 17:59, Antonio Russo wrote:
> 1. The issue is resolved by ordering systemd-resolved
> after systemd-tmpfiles-setup using an After= dependency.

Reverting `PrivateTmp=yes` from `PrivateTmp=disconnected` also resolves the
issue.  So, it's a regression fixing [1], which I'm trying to understand.

I see it was you who actually authored the fix for [1].  I presume that using
disconnected removes the dependency on systemd-tmpfiles.  But it seems the
selinux labels are not being changed when systemd-tmpfiles is brought up:

In particular, the audit violations I see are supposedly allowed by the selinux
policy I'm currently running.  Does that mean that the objects in question have
different labels now than at policy violation time (presumably before
systemd-tmpfiles is re-labeling them)?  I cannot find any indication that selinux
policies are being loaded during boot.

Best,
Antonio


[1] https://github.com/systemd/systemd/issues/35582