2018-02-19 15:26 UTC

ID: 0014096
Project: CentOS-7
Category: systemd
View Status: public
Last Update: 2017-12-06 22:42
Platform: Server
OS: CentOS
OS Version: 7.4.1708
Product Version:
Target Version:
Fixed in Version:
Summary: 0014096: systemd-sysctl fails to set sys_resource entries if SELinux is active
Description: Trying to set user.max_user_namespaces via sysctl.conf, systemd-sysctl fails if SELinux is active.
Steps To Reproduce:
echo user.max_user_namespaces = 15000 >> /etc/sysctl.conf
systemctl restart systemd-sysctl

You will note that systemd-sysctl fails to start (also when rebooting), and see the syslog messages shown below.
Additional Information:
Syslog shows:
systemd-sysctl[2674]: Failed to write '15000' to '/proc/sys/user/max_user_namespaces': Permission denied
systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE

Creating a new SELinux module:

#============= systemd_sysctl_t ==============
allow systemd_sysctl_t self:capability sys_resource;

Fixes the problem.
Tags: No tags attached.
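
The allow rule in the report is only the rule body. As an added example (not part of the original report), this script wraps it in a loadable local module, installs it, and checks that the sysctl value from the reproduction steps is applied. The module name local_systemd_sysctl and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: package the allow rule from this report as a local SELinux module.
# MODULE is a hypothetical name chosen for this example.
MODULE=local_systemd_sysctl

# Write the type-enforcement source into directory $1 and print its path.
write_te() {
    te="$1/$MODULE.te"
    cat > "$te" <<EOF
module $MODULE 1.0;

require {
	type systemd_sysctl_t;
	class capability sys_resource;
}

#============= systemd_sysctl_t ==============
allow systemd_sysctl_t self:capability sys_resource;
EOF
    printf '%s\n' "$te"
}

# Compile, package and load the module (needs root, checkpolicy, policycoreutils).
install_module() {
    checkmodule -M -m -o "$1/$MODULE.mod" "$1/$MODULE.te" &&
    semodule_package -o "$1/$MODULE.pp" -m "$1/$MODULE.mod" &&
    semodule -i "$1/$MODULE.pp"
}

# Re-run the failing unit and confirm the kernel now holds the expected value ($1).
verify_fix() {
    systemctl restart systemd-sysctl &&
    [ "$(sysctl -n user.max_user_namespaces)" = "$1" ]
}

# Usage as root: "sh script.sh install" to apply, "sh script.sh remove" to roll back.
case "${1:-}" in
    install)
        dir=$(mktemp -d) && write_te "$dir" >/dev/null &&
        install_module "$dir" && verify_fix 15000 ;;
    remove)
        semodule -r "$MODULE" ;;
esac
```

The module grants sys_resource only to the systemd_sysctl_t domain itself, so it can be removed once the base policy allows this write.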

olifre (reporter)

There's the associated RedHat bug report here:

Issue History
Date Modified | Username | Field | Change
2017-11-07 10:21 | olifre | New Issue |
2017-12-06 22:42 | olifre | Note Added: 0030714 |