On 03/13/2015 01:24 PM, Andrew Holway wrote: > Hallo, > > Could someone please lend a hand with this issue? > > https://www.redhat.com/archives/freeipa-users/2015-March/msg00345.html > > When I run ipa-server-install from Saltstack it is breaking. I imagine > this is because the script is being run in an unexpected domain > (init_t rather than unconfined_t). How is it launched? How much control do you have over how it is launched? If you can just modify its init script or unit file or whatever, you could either have it invoke runcon with an explicit context to run in the desired context or put the launch command in a script file and label it with an appropriate _exec_t type to transition automatically into the desired domain. That said, neither initrc_t nor unconfined_t are particularly desirable domains; it should really have its own domain. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
