On 09/17/2015 10:29 AM, Michael Bunk wrote:
Yes, but I think run_init is supposed to be run with init scripts, not the respective daemon:
run_init /etc/init.d/httpd
On the other hand, httpd's init script doesn't have initrc_exec_t, but its own "initrc_exec_t subtype":
# ls -Z /etc/init.d/httpd -rwxr-xr-x. root root system_u:object_r:httpd_initrc_exec_t:s0 /etc/init.d/httpd
So best would be to just do "service httpd start", which will call the corresponding init script, where the proper transitions will happen.
Sure. My point are about a way how to get a service running with correct SELinux identities using a service script on RHEL6.
Best regards, Michael
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux