2016-06-20 17:43 GMT+02:00 Jeremy Young <jrm16020@xxxxxxxxx>:
> execute_no_trans is a permission which allows for execution of a file
> without performing any transitions, executing it in the caller's domain
> instead. Adding that permission with a custom module should be ok.
> audit2allow is one way to generate that module.
>
> I think I'd still go with the first option I offered and set the SELinux
> context for your script in your unit file.

I've discovered what happens here. Looks like the NoNewPrivileges=true
is blocking the domain transition. After removing that directive, the
service works as expected.

This behavior is something new, as it worked in F23. Don't know if it's
intended or not.

Thanks for your help.

--
Juan Orti
https://apuntesderootblog.wordpress.com/
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx