2016-06-20 17:43 GMT+02:00 Jeremy Young <jrm16020(a)gmail.com>:
> execute_no_trans is a permission which allows for execution of a file
> without performing any transitions, executing it in the caller's domain
> instead. Adding that permission with a custom module should be ok.
> audit2allow is one way to generate that module.
> I think I'd still go with the first option I offered and set the SELinux
> context for your script in your unit file.
I've discovered what happens here.
Looks like the NoNewPrivileges=true is blocking the domain transition.
After removing that directive, the service works as expected.
This behavior is something new, as it worked in F23. Don't know if
it's intended or not.
Thanks for your help.
--
Juan Orti
https://apuntesderootblog.wordpress.com/
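
A triage helper for the situation discussed in this thread, added here as an example and not code from either poster: it checks a unit file for NoNewPrivileges= and correlates that with execute_no_trans AVC denials from the audit log. The unit text, the AVC line, the paths and the SELinux type names are constructed sample values, and the function names are hypothetical.

```python
import re

TRUE_WORDS = {"1", "yes", "y", "true", "t", "on"}  # spellings systemd accepts as true

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]*) \}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def service_settings(unit_text):
    """Return the [Service] settings of a unit file; the last assignment wins."""
    section, settings = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def no_new_privileges(unit_text):
    return service_settings(unit_text).get("NoNewPrivileges", "").lower() in TRUE_WORDS

def no_trans_denials(audit_text):
    """Yield (source domain, target type) for each execute_no_trans denial on a file."""
    for m in AVC_RE.finditer(audit_text):
        if m["tclass"] == "file" and "execute_no_trans" in m["perms"].split():
            yield m["scontext"].split(":")[2], m["tcontext"].split(":")[2]

def diagnose(unit_text, audit_text):
    denials = sorted(set(no_trans_denials(audit_text)))
    if not denials:
        return "no execute_no_trans denials found"
    pairs = ", ".join(f"{s} -> {t}" for s, t in denials)
    if no_new_privileges(unit_text):
        return f"NoNewPrivileges is on and exec was attempted without a domain transition ({pairs})"
    return f"execute_no_trans denied ({pairs}); NoNewPrivileges is not set in this unit"

# Constructed sample input (not taken from the thread)
UNIT = """[Service]
ExecStart=/usr/local/bin/example.sh
NoNewPrivileges=true
"""
AUDIT = ('type=AVC msg=audit(1466437380.123:456): avc:  denied  { execute_no_trans } for  pid=1234 '
         'comm="example.sh" path="/usr/local/bin/example.sh" scontext=system_u:system_r:init_t:s0 '
         'tcontext=system_u:object_r:example_exec_t:s0 tclass=file permissive=0')
```

Calling `diagnose(UNIT, AUDIT)` on the sample reports the NoNewPrivileges case; feed it the real unit text and the matching `type=AVC` lines from the audit log to triage an actual service.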