I have a service I want to start from systemd. The service startup goes like this: systemd ----> prog1[label: usr_t] ----> prog2[label: antivirus_exec_t] However, Fedora's SELinux policies prevent prog2 from starting. If I change prog2's label to bin_t or usr_t, the service starts fine. What in Fedora's policies bans antivirus_exec_t from running? Should I introduce a custom policy that allows that startup combination? If so, can you tell me what that rule would look like (or what document would give me the instructions). I already have a simple .te policy so I know the very basics. Or should I just label the file with bin_t and be done with it? BTW, this is not a sysadmin question. Rather it's a product installation question; the product should work out of the box on Fedora. Marko _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
