[systemd-devel] systemd and chroot()

Matthew Garrett mjg59 at google.com
Tue Jun 4 16:45:41 UTC 2019


On Tue, Jun 4, 2019 at 9:42 AM Steve Dickson <SteveD at redhat.com> wrote:
> AVC avc:  denied  { sys_chroot } for  pid=2919 comm="rpc.mountd" capability=18  scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=capability permissive=0

This is an SELinux policy violation, nothing to do with systemd.
You're probably not seeing it when you run the daemon by hand because
the SELinux policy doesn't specify a transition in that case, so the
daemon doesn't end up running in the confined context.


More information about the systemd-devel mailing list