-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/02/2013 08:24 AM, Robert Gabriel wrote: > On 2 July 2013 13:49, Bryan Harris <bryanlharris@xxxxxx > <mailto:bryanlharris@xxxxxx>> wrote: > > Hi Robert, > > On Jul 02, 2013, at 06:45 AM, Robert Gabriel <ephemeric@xxxxxxxxx > <mailto:ephemeric@xxxxxxxxx>> wrote: >> [root@pluto ~]# service httpd start env: /etc/init.d/httpd: Permission >> denied > > I'm not an MLS expert by any means but I think you want to run a command > like so, > > run_init service httpd start > > Bryan > > > Thank you! > > I have read the entire RHEL 6 SELinux Guide (and now searched) and they > don't mention run_init anywhere! > > Thank you. > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > In targeted policy we allow unconfined_r roles to transition to system_r. But in MLS policy you are forced to run run_init to do the transition. Luckily most of this will disappear in RHEL7, since systemd will be starting system daemons, and we will not need this transition for most system daemons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHUBs8ACgkQrlYvE4MpobMCEgCeI2HwQdj4+dkybNxXGnYyDYHB AhUAoLRATmfNOojy0lVhIgeE1Yqq+T2j =NCO1 -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux