Idiomatic solution for tiny systemd "services"?

Daniel J Walsh dwalsh at redhat.com
Sun Feb 15 13:44:07 UTC 2015


On 02/11/2015 08:51 PM, Robin Lee Powell wrote:
> Hey all.  I have a tiny web service that I'm running with a ruby
> script in ~/.rvm/ , and I'd like to run it out of systemd (just to
> keep it running always), but init_t can't read or execute
> user_home_t.
>
> Nor can init_t run runcon.
>
> Basically, I can't figure out any way to transition from systemd's
> init_t to my user's type (staff_t).
>
> So what's the idiomatic way to handle that sort of thing?
>
init_t should be transitioning to a context that can read content in the
user's homedir.  What is the label on the ruby script?

Which policy are you using?  Do you have unconfined.pp disabled?

Also, do you have the actual AVCs you are seeing?

