On 02/11/2015 08:51 PM, Robin Lee Powell wrote:
> Hey all. I have a tiny web service that I'm running with a ruby
> script in ~/.rvm/ , and I'd like to run it out of systemd (just to
> keep it running always), but init_t can't read or execute
> user_home_t.
>
> Nor can init_t run runcon.
>
> Basically, I can't figure out any way to transition from systemd's
> init_t to my user's type (staff_t).
>
> So what's the idiomatic way to handle that sort of thing?
>

init_t should be transitioning to a context that can read content in the
user's homedir.

What is the label on the ruby script?

Which policy are you using? Do you have unconfined.pp disabled?

Also, do you have the actual AVCs you are seeing?

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
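An added example, not part of the original message: one way to pull "the actual AVCs" for a given source domain out of audit log text and group them by target type, so the init_t versus user_home_t denials can be posted in compact form. The sample log lines are constructed, and the function names `parse_denials` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1423700000.101:501): avc:  denied  { read } for  pid=1234 comm="ruby" name="service.rb" dev="dm-1" ino=4242 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1423700000.102:502): avc:  denied  { execute } for  pid=1234 comm="(ruby)" name="ruby" dev="dm-1" ino=4243 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1423700000.102:502): arch=c000003e syscall=59 success=no exit=-13 comm="(ruby)"
type=AVC msg=audit(1423700050.200:510): avc:  denied  { search } for  pid=1300 comm="httpd" name="robin" dev="dm-1" ino=100 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
"""

# Matches the denial part of a kernel AVC record: permissions, then the
# source context, target context and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_denials(text):
    """Yield one dict per AVC denial; non-AVC records are skipped."""
    for line in text.splitlines():
        if not line.startswith("type=AVC"):
            continue
        m = AVC_RE.search(line)
        if m:
            yield {
                "source": context_type(m.group("scontext")),
                "target": context_type(m.group("tcontext")),
                "tclass": m.group("tclass"),
                "perms": m.group("perms").split(),
            }

def summarize(text, source_type="init_t"):
    """Map (target type, class) -> sorted denied permissions for one source domain."""
    grouped = defaultdict(set)
    for d in parse_denials(text):
        if d["source"] == source_type:
            grouped[(d["target"], d["tclass"])].update(d["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

if __name__ == "__main__":
    for (target, tclass), perms in summarize(SAMPLE_LOG).items():
        print(f"init_t -> {target}:{tclass} denied {{ {' '.join(perms)} }}")
```
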