search for: systemd_systemctl_exec_t

...red successfully httpd, smbd. Today I've noticed that my bacula system does not work due to selinux denied because when bacula try to run pre/post job script I get access denied due to differences about context. Bacula is on bacula_t and in pre script I call commands in other context like: systemd_systemctl_exec_t ... (and other) Reading from RHEL DOC (SELinux Guide) I can accomplish to remove denied access using audit2allow and creating TE rules. I've runned: grep systemctl /var/log/audit/audit.log | audit2allow -M pol and I got 2 files pol.pp (compiled) and pol.te. pol.te reports: require {...

On 07/05/2016 08:21 AM, Alessandro Baggi wrote: > What are the meaning of rules on pol.te https://wiki.centos.org/HowTos/SELinux The CentOS howto has some information, and links to additional resources. The policy should be pretty easy to read, though. You have one rule, "allow bacula_t systemd_systemctl_exec_t:file execute." Each word in that rule, except for "allow" is defined somewhere, and has to be loaded, so they are each individually loaded in the "require" block. > and why bacula can't do transiction between context? The easiest way to write a policy is to ap...