On 02/11/2015 08:51 PM, Robin Lee Powell wrote:
> Hey all. I have a tiny web service that I'm running with a ruby
> script in ~/.rvm/ , and I'd like to run it out of systemd (just to
> keep it running always), but init_t can't read or execute
> user_home_t.
> Nor can init_t run runcon.
> Basically, I can't figure out any way to transition from systemd's
> init_t to my user's type (staff_t).
> So what's the idiomatic way to handle that sort of thing?
init_t should be transitioning to a context that can read content in the
user's homedir. What is the label on the ruby script?
Which policy are you using? Do you have unconfined.pp disabled?
Also do you have the actual avcs you are seeing?