On 1 Mar 2017 10:41 pm, "Ian Pilcher" wrote:

> I am using systemd's RuntimeDirectory to create a directory for a
> service.
>
>   RuntimeDirectory=squoxy
>
> This causes systemd to create /run/squoxy before starting my service,
> but I haven't been able to get the SELinux context set correctly on the
> directory.
>
> I've set file context rules for both /run/squoxy and /var/run/squoxy:
>
>   ^/var/run/squoxy(/.*)?  all files  system_u:object_r:squoxy_var_run_t:s0
>   ^/run/squoxy(/.*)?      all files  system_u:object_r:squoxy_var_run_t:s0
>
> And, indeed, restorecon will set the context of the directory to
> squoxy_var_run_t.
>
> I've also added a type transition rule, attempting to get the correct
> context applied automatically when systemd creates the directory:
>
>   type_transition init_t var_run_t : dir squoxy_var_run_t "squoxy";

Can you try a transition from initrc_t or the interface init_daemon_pid_file()?

> But the directory is still being created as var_run_t:
>
>   drwxr-xr-x. nobody nobody system_u:object_r:var_run_t:s0 /run/squoxy
>
> What am I doing wrong?
>
> --
> Ian Pilcher                                         arequipeno@gmail.com
> "I grew up before Mark Zuckerberg invented friendship"
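
The two suggestions from the reply, written out as policy source next to the rule from the original post. This is an added example, not part of the thread. The module name squoxy_rundir is hypothetical, and the example assumes the reference-policy build macros and that squoxy_var_run_t is already declared by the poster's own module. The thread does not establish whether either suggestion resolves the problem.

```selinux
# squoxy_rundir.te -- added example; the module name is hypothetical.
policy_module(squoxy_rundir, 1.0.0)

# Assumption: the type is declared in the existing squoxy module,
# so it is required here rather than declared a second time.
gen_require(`
	type squoxy_var_run_t;
')

# Rule from the original post, kept as a comment for comparison.
# Source domain is init_t, parent directory type is var_run_t,
# object class is dir, and the object name is "squoxy".
# type_transition init_t var_run_t : dir squoxy_var_run_t "squoxy";

# Suggestion 1 from the reply: the same named transition, with
# initrc_t as the source domain instead of init_t.
# type_transition initrc_t var_run_t : dir squoxy_var_run_t "squoxy";

# Suggestion 2 from the reply: the interface it names.
# Arguments: file type, object class, object name.
init_daemon_pid_file(squoxy_var_run_t, dir, "squoxy")
```

After loading the module, restart the service and check the label again with `ls -Zd /run/squoxy`.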