From: dominick.grift@gmail.com (Dominick Grift) Date: Tue, 10 Dec 2013 15:57:50 +0100 Subject: [refpolicy] [PATCH 5/5] Make direct_sysadm_daemon apply to unconfined_t In-Reply-To: <20131207192102.GA19262@d30> References: <20131207192102.GA19262@d30> Message-ID: <1386687470.18689.71.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sat, 2013-12-07 at 20:21 +0100, Dominick Grift wrote: > Currently init_run_daemon is called unconditionally for unconfined_t. > Yet unconfined_u is not associated with system_r. Probably best to get rid of direct_initrc and init_run_daemon altogether as i causes fundamental problems with executables that can be run both by the system as well as users I hit this issue before with recently with git-daemon, and pulseaudio suffers the same problems With systemd we dont have that issue anymore of having to role transition to system_r if we want to start a service on behalf of the system