On 04/30/2015 11:55 PM, Tracy Reed wrote: > runcon p16001_u:myapp_r:myapp_t:s0:c1 /myapp/startup.sh You missed role myapp_r types myapp_t; which will allow you to run runcon and have a transition to myapp_t. But then you get additional AVCs so I would add domain_type(myapp_t) at least. -- Miroslav Grepl Software Engineering, SELinux Solutions Red Hat, Inc. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
