Hey Juan

I'm troubleshooting the radicale policy but I cannot figure why the service fails to transition to radicale_t. It runs in the init_t domain.


is your module loaded? (semodule -l | grep radicale)

Do your files have correct labels? (ls -lZ /usr/bin/radicale )?


>  allow radicale_t bin_t:file execute;

might better use the corecmd_exec_bin()

http://oss.tresys.com/docs/refpolicy/api/kernel_corecommands.html#link_corecmd_exec_bin

> files_type(radicale_etc_t);

maybe better use files_config_file()

http://oss.tresys.com/docs/refpolicy/api/kernel_files.html#link_files_config_file

- Thomas