I am trying to write a SELinux policy for a daemon which will be started from an init script on CentOS 6. I seem to be most of the way there, except when running its init script (with "service bitcoin start"), the daemon starts and runs as unconfined_u: ps -eZ | grep bitcoin unconfined_u:system_r:bitcoin_t:s0 19993 ? 00:00:00 bitcoind I generated the policy using selinux-polgengui which was included with CentOS 6 selecting "Standard Init Daemon". The init script seems to be correctly labeled: root@buildbox-el6 ~ # ls -Z /etc/rc.d/init.d/bitcoin -rwxr-xr-x. root root system_u:object_r:bitcoin_initrc_exec_t:s0 /etc/rc.d/init.d/bitcoin The daemon also seems to be correctly labeled: root@buildbox-el6 ~ # ls -Z /usr/sbin/bitcoind -rwxr-xr-x. root root system_u:object_r:bitcoin_exec_t:s0 /usr/sbin/bitcoind The bitcoin.if and bitcoin.te are as generated by the tool, though I can provide them if necessary. I expected the daemon to run as system_u. When the system boots, the daemon is started as system_u as expected, but not when I start or restart it with 'service bitcoin restart'. What's going on here and how do I fix it? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
