On 05/07/2016 18:46, Gordon Messmer wrote:
> On 07/05/2016 08:21 AM, Alessandro Baggi wrote:
>> What is the meaning of the rules in pol.te
>
> https://wiki.centos.org/HowTos/SELinux
> The CentOS howto has some information, and links to additional resources.
>
> The policy should be pretty easy to read, though. You have one rule,
> "allow bacula_t systemd_systemctl_exec_t:file execute." Each word in
> that rule, except for "allow" is defined somewhere, and has to be
> loaded, so they are each individually loaded in the "require" block.
>
>> and why can't bacula do a transition between contexts?
>
> The easiest way to write a policy is to apply labels and run an
> application in permissive mode. Using the AVCs that are logged, a new
> policy can be generated. The short answer is, you're doing something
> that the people who developed the SELinux policy didn't do while writing
> the policy. If the thing that you're doing is standard or best
> practice, you might consider that a bug and file a report to have the
> policy extended. However, I suspect that restarting services is not a
> standard practice, so the local policy that you've generated is the best
> solution.
>

Thanks for your answer