On Sunday 06 January 2008, Todd Zullinger wrote: >Gene Heskett wrote: >> For years, I have been starting fetchmail as a background daemon by >> having the line: >> su user -c "fetchmail -d etc etc" in my rc.local script. >> >> Forced to re-install because something wiped the partition table on >> my boot drive, I installed F8 and I believe its was uptodate as of >> last night. >> >> But, its not running anymore via that procedure, and >> setroubleshoot's gui will display that it was denied at the time of >> the boot. >> >> It still works perfectly if I cut/paste that line into a root shell >> after I'm logged in. >> >> How can I address this? > >I've got similar things in /etc/rc.local that used to use su -c. I >don't recall having them get denied outright, but the programs that >were run definitely didn't pick up the proper SELinux contexts. So I >now have a few entries like this: > >runcon user_u:system_r:unconfined_t -- runuser -l -c "screen -dm" tmz I'm afraid I have pretty close to a NDI what that will do, Todd. And your use of the words 'used to' above also tells be your are doing this su user -c function differently now. Can you elaborate? The manpage for runcon is so concise as to be obtuse. Here is the line in question, in rc.local, that does not now work: su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc" Can you translate that into a 'runcon' style line please? Thanks. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Failure is not an option -- it comes bundled with Windows. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
