On Mon, Nov 09, 2015 at 06:08:11AM -0800, Mark Milhollan wrote:
> It allows (even forces) a "dirty" environment to be provided to the
> service (which is seldom wanted or expected), does not ensure that the
> current tty cannot be the controlling tty for the service (which
> sometimes matters) and leaves the CWD unchanged instead of ensuring / is
> used (which sometimes matters).

A quick viewing of /sbin/service on C6 makes me think you might be
mistaken here. There's clearly a 'cd /' and an 'env -i' there. It does
preserve $PATH though (also $TERM), which I view as a dirty environment.

> No revision of the service command took
> place to cope with context when SELinux appeared and so the service
> inherits the current context, usually unconfined (which is wildly
> wrong). Sometimes doing it this way is useful, but not often and when
> it is one can invoke the service's init script directly.

I'm pretty sure that what happens is that service runs the service
scripts in /etc/rc.d/init.d/, which all have labels on them that
indicate what entrypoint type they run under, which is by default
'initrc_exec_t' but I see several have their own special label, such as
sshd having sshd_initrc_exec_t. If 'service' were just sourcing the
init.d files instead of executing them, it would be different, but it
does execute them, and since the init scripts have an entrypoint type to
transition to the appropriate initrc domain.

-- 
Jonathan Billings <billings at negate.org>
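
The environment handling debated above can be checked without touching /sbin/service. The following is an added example, not part of the original message and not code from the initscripts package: it emulates only the 'cd /' and 'env -i' launch behaviour the reply describes, and the function names and DEMO_SECRET are hypothetical.

```shell
#!/bin/sh
# Emulation of the launch behaviour described in the reply above.
# This is NOT the text of /sbin/service; names here are hypothetical.

# run_like_service CMD [ARGS...]
# Run CMD from / with an emptied environment that keeps only PATH and TERM.
# The subshell keeps the caller's own working directory untouched.
run_like_service() {
    (
        cd / || exit 1
        env -i PATH="$PATH" TERM="${TERM:-}" "$@"
    )
}

# survives NAME
# Exit status 0 if variable NAME is still set in the child's environment.
survives() {
    run_like_service env | grep -q "^$1="
}

# audit NAME...
# Report, one line per variable, whether it reaches the launched process.
audit() {
    for name in "$@"; do
        if survives "$name"; then
            echo "kept $name"
        else
            echo "dropped $name"
        fi
    done
}

# Constructed sample: a variable exported in an administrator's login shell.
DEMO_SECRET=constructed-value
export DEMO_SECRET

audit PATH TERM HOME DEMO_SECRET
printf 'cwd seen by child: %s\n' "$(run_like_service pwd)"
```

PATH and TERM are the two values that still cross from the administrator's shell into the launched script, which is the residual "dirty" part noted in the reply.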