I have a service I want to start from systemd. The service startup goes
like this:
systemd ----> prog1[label: usr_t] ----> prog2[label: antivirus_exec_t]
However, Fedora's SELinux policies prevent prog2 from starting. If I
change prog2's label to bin_t or usr_t, the service starts fine.
What in Fedora's policies bans antivirus_exec_t from running?
Should I introduce a custom policy that allows that startup combination?
If so, can you tell me what that rule would look like (or what document
would give me the instructions). I already have a simple .te policy so I
know the very basics.
Or should I just label the file with bin_t and be done with it?
BTW, this is not a sysadmin question. Rather it's a product installation
question; the product should work out of the box on Fedora.
Marko