On 02/15/2015 06:51 PM, Robin Lee Powell wrote:
> On Sun, Feb 15, 2015 at 08:44:07AM -0500, Daniel J Walsh wrote:
>> On 02/11/2015 08:51 PM, Robin Lee Powell wrote:
>>> Hey all. I have a tiny web service that I'm running with a ruby
>>> script in ~/.rvm/ , and I'd like to run it out of systemd (just
>>> to keep it running always), but init_t can't read or execute
>>> user_home_t.
>>>
>>> Nor can init_t run runcon.
>>>
>>> Basically, I can't figure out any way to transition from
>>> systemd's init_t to my user's type (staff_t).
>>>
>>> So what's the idiomatic way to handle that sort of thing?
>>>
>> init_t should be transitioning to a context that can read content
>> in the user's homedir. What is the label on the ruby script?
> user_home_t; I had no idea what to try.
>> Which policy are you using?
> Whatever comes with F20.
>> Do you have unconfined.pp disabled?
> Yes.
>> Also do you have the actual avcs you are seeing?
> Uh, not anymore I'm afraid; I had to find a workaround and move on.
> I can regenerate them if it's important?
How does your unit file look for this service?