Once upon a time, Zdenek Pytela <zpytela(a)redhat.com> said:
> On Sun, Nov 13, 2022 at 4:34 AM Chris Adams <linux(a)cmadams.net>
> wrote:
> > I am starting an SSH VPN connection with a systemd service. It's just a
> > simple service, with an ExecStart to run ssh. If I wrap it with a shell
> > (ExecStart=/bin/sh -c "/usr/bin/ssh %i"), it runs; if I take out the
> > shell wrap (ExecStart=/usr/bin/ssh %i), it fails due to SELinux not
> > allowing it. If I set permissive mode, there's a whole lot of different
> > things that init_t is not allowed to do. :)
> >
> > So obviously I can just run with the shell wrapper, but is there a more
> > proper way to do this?
> >
> You can create your own policy module and use e.g. the
> init_system_domain() interface.

How would I go about doing that - is there a tutorial or something?
I've done basic things with local policy (mostly from running
audit2allow).

> Does this need to be a system service or would user service also do
> the job?

It's setting up a network interface, so I think that's more a system
than user service.
--
Chris Adams <linux(a)cmadams.net>
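A policy module of the kind Zdenek suggests, written here as an added example (it is not code from the thread or from the selinux-policy project); it assumes the Fedora/RHEL selinux-policy types ssh_t and ssh_exec_t and the selinux-policy-devel Makefile, and it lets init_t start /usr/bin/ssh directly in the confined ssh_t domain:

```selinux
# sshvpn.te (added example, not from the thread). Allows systemd (init_t)
# to execute /usr/bin/ssh (ssh_exec_t) with a domain transition into the
# existing confined ssh_t domain, so no /bin/sh wrapper is needed.
# Assumption: ssh_t / ssh_exec_t come from the stock Fedora/RHEL policy.
policy_module(sshvpn, 1.0)

require {
    type ssh_t;
    type ssh_exec_t;
    role system_r;
}

# init_system_domain(domain, entrypoint): marks ssh_exec_t as an entry
# point for ssh_t, allows the init_t -> ssh_t transition on exec, and
# authorizes ssh_t for role system_r (the role systemd services run in).
init_system_domain(ssh_t, ssh_exec_t)

# Build and load with the selinux-policy-devel Makefile (assumed paths):
#   make -f /usr/share/selinux/devel/Makefile sshvpn.pp
#   sudo semodule -i sshvpn.pp
# Then restart the unit and look for any remaining denials against
# ssh_t itself (e.g. device access the VPN needs):
#   sudo ausearch -m AVC -ts recent
```

Any denials that ausearch still reports after this module is loaded belong to the ssh_t domain, not init_t, and should be reviewed individually rather than bulk-allowed with audit2allow.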