[Linux] nyanpasu-service install is not compatible with SELinux

[latin-1]

By default, files in /var/lib are labelled with the type var_lib_t, which cannot be launched by a systemd service. The service binary should be labelled as type bin_t.

If SELinux detected, those additional commands should be executed after file installation.

sudo semanage fcontext -a -t bin_t /var/lib/nyanpasu-service/nyanpasu-service
sudo restorecon /var/lib/nyanpasu-service/nyanpasu-service

Alternatively, shall we use /usr/bin/nyanpasu-service rather than installing it to /var/lib, if possible? (/usr/bin/nyanpasu-service binary is already included in the rpm package)

See: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files

[greenhat616]

As the description, is it enough that put the service binary below /usr/bin?

[latin-1]

@greenhat616 Yes, by default, the file labels are inherited from the parent folder. /usr/bin definitely has the bin_t label. However, if the file already exists (e.g. installed from the rpm package), it should not be overwritten.

[greenhat616]

I have released v1.1.1 with that got fixed