From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 10 Dec 2013 15:57:50 +0100
Subject: [refpolicy] [PATCH 5/5] Make direct_sysadm_daemon apply to
 unconfined_t
In-Reply-To: <20131207192102.GA19262@d30>
References: <20131207192102.GA19262@d30>
Message-ID: <1386687470.18689.71.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 2013-12-07 at 20:21 +0100, Dominick Grift wrote:
> Currently init_run_daemon is called unconditionally for unconfined_t.
> Yet unconfined_u is not associated with system_r.

Probably best to get rid of direct_initrc and init_run_daemon altogether
as i causes fundamental problems with executables that can be run both
by the system as well as users

I hit this issue before with recently with git-daemon, and pulseaudio
suffers the same problems

With systemd we dont have that issue anymore of having to role
transition to system_r if we want to start a service on behalf of the
system