Re: [selinux] Re: Idiomatic solution for tiny systemd "services"?

On 02/15/2015 06:51 PM, Robin Lee Powell wrote:
> On Sun, Feb 15, 2015 at 08:44:07AM -0500, Daniel J Walsh wrote:
>> On 02/11/2015 08:51 PM, Robin Lee Powell wrote:
>>> Hey all.  I have a tiny web service that I'm running with a ruby
>>> script in ~/.rvm/ , and I'd like to run it out of systemd (just
>>> to keep it running always), but init_t can't read or execute
>>> user_home_t.
>>>
>>> Nor can init_t run runcon.
>>>
>>> Basically, I can't figure out any way to transition from
>>> systemd's init_t to my user's type (staff_t).
>>>
>>> So what's the idiomatic way to handle that sort of thing?
>>
>> init_t should be transitioning to a context that can read content
>> in the users homedir.  What is the label on the ruby script?
> user_home_t; I had no idea what to try.
>
>> Which policy are you using?
> Whatever comes with F20.
>
>> Do you have unconfined.pp disabled?
> Yes.
>
>> Also do you have the actual avcs you are seeing?
> Uh, not anymore I'm afraid; I had to find a workaround and move on.
> I can regenerate them if it's important?

How does your unit file look for this service?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux