On 1 Mar 2017 10:41 pm, "Ian Pilcher" <arequipeno@xxxxxxxxx> wrote:
I am using systemd's RuntimeDirectory to create a directory for a
service.

    RuntimeDirectory=squoxy

This causes systemd to create /run/squoxy before starting my service,
but I haven't been able to get the SELinux context set correctly on the
directory.

I've set file context rules for both /run/squoxy and /var/run/squoxy:

    ^/var/run/squoxy(/.*)? all files system_u:object_r:squoxy_var_run_t:s0
    ^/run/squoxy(/.*)? all files system_u:object_r:squoxy_var_run_t:s0

And, indeed, restorecon will set the context of the directory to
squoxy_var_run_t.

I've also added a type transition rule, attempting to get the correct
context applied automatically when systemd creates the directory:

    type_transition init_t var_run_t : dir squoxy_var_run_t "squoxy";

Can you try a transition from initrc_t or the interface init_daemon_pid_file()?

But the directory is still being created as var_run_t:

    drwxr-xr-x. nobody nobody system_u:object_r:var_run_t:s0 /run/squoxy

What am I doing wrong?
--
========================================================================
Ian Pilcher arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
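
A small model of the two labelling paths discussed in this thread, added here as an illustration (it is not code from either poster or from SELinux): the creation-time type_transition lookup, keyed on creating domain, parent directory type, class and name, next to the file-context match that restorecon uses. The helper names and the simplified "last matching line wins" ordering are assumptions of this sketch.

```python
import re
from typing import NamedTuple, Optional

# Rule and file-context lines copied from the message above.
POLICY = 'type_transition init_t var_run_t : dir squoxy_var_run_t "squoxy";'
FCONTEXT = """\
^/var/run/squoxy(/.*)? all files system_u:object_r:squoxy_var_run_t:s0
^/run/squoxy(/.*)? all files system_u:object_r:squoxy_var_run_t:s0
"""

class Transition(NamedTuple):
    source: str              # domain of the creating process
    target: str              # type of the parent directory
    tclass: str              # class of the new object
    new_type: str
    name: Optional[str]      # last path component; None for unnamed rules

RULE_RE = re.compile(
    r'type_transition\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\w+)(?:\s+"([^"]+)")?\s*;')

def parse_rules(text):
    return [Transition(*m.groups()) for m in RULE_RE.finditer(text)]

def created_type(rules, creator, parent_type, tclass, name, fscreate=None):
    """Type given to a new object at creation time (hypothetical helper)."""
    if fscreate:                      # explicit setfscreatecon() overrides policy
        return fscreate
    hits = [r for r in rules if r[:3] == (creator, parent_type, tclass)]
    for wanted in (name, None):       # a named rule beats an unnamed one
        for r in hits:
            if r.name == wanted:
                return r.new_type
    return parent_type                # no rule matched: inherit from the parent

def relabel_type(fc_text, path):
    """Type restorecon would apply: last matching file-context line wins
    (a simplification of libselinux's ordering)."""
    found = None
    for line in fc_text.splitlines():
        fields = line.split()
        if fields and re.fullmatch(fields[0], path):
            found = fields[-1].split(":")[2]
    return found

if __name__ == "__main__":
    rules = parse_rules(POLICY)
    for creator in ("init_t", "initrc_t"):
        print(creator, "->", created_type(rules, creator, "var_run_t", "dir", "squoxy"))
    print("restorecon ->", relabel_type(FCONTEXT, "/run/squoxy"))
```

In this model the rule only fires when the creator's domain, the parent type, the class and the name all match, so a directory that ends up as var_run_t points at one of those four differing at creation time or at the rule not being loaded.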