On Sun, 2014-01-19 at 09:19 +0300, jiun bookworm wrote: > Thanks for that, > > infortunately im still not there yet, > > now the application runs in initrc_t (it was remaining in init_t) > > this is how the policy looks like (from your and bigons advice): Make sure that the "daemon entry file" is labeled myapp_exec_t so for example if the unit file has execstart=/usr/sbin/bla (or whatever) then: chcon -t myapp_exec_t /usr/sbin/bla The transition happens on the daemon entry file so that must be labeled accordingly (myapp_exec_t) -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
