5quinque/gist:ae3d8fa3ddedd8ae447eccd93d07d056

## gistfile1.txt
## rtorrent as a service
# /etc/systemd/system/rtorrent.service
[Unit]
Description=rTorrent Daemon
After=network.target

[Service]
Type=forking
KillMode=none
RemainAfterExit=true
User=ryan
Group=ryan
ExecStart=/usr/bin/tmux -2 new-session -d -s rtorrent rtorrent
ExecStop=/usr/bin/tmux kill-session -t rtorrent
WorkingDirectory=/home/ryan
#ExecStart=/usr/bin/tmux new-session -c /home/ryan/Torrents -s rtorrent -n rtorrent -d rtorrent
#ExecStop=/usr/bin/bash -c "/usr/bin/tmux send-keys -t rtorrent C-q && while pidof rtorrent > /dev/null; do sleep 0.5; done"
#WorkingDirectory=%h
#Restart=on-failure

[Install]
WantedBy=default.target


## SELinux Module

# rtorrent_service.te


module rtorrent_service 1.0;

require {
        type user_tmp_t;
        type xdm_t;
        type screen_exec_t;
        type dhcpc_var_run_t;
        type avahi_t;
        type init_t;
        type devpts_t;
        type virt_var_run_t;
        type ptmx_t;
        class dbus send_msg;
        class file { create execute execute_no_trans getattr map open read write };
        class chr_file { ioctl open read write };
}

#============= init_t ==============
allow init_t devpts_t:chr_file open;
allow init_t ptmx_t:chr_file { ioctl open read write };
allow init_t screen_exec_t:file { execute execute_no_trans map open read };
allow init_t user_tmp_t:file { create write };

#============= xdm_t ==============

allow xdm_t avahi_t:dbus send_msg;
allow xdm_t dhcpc_var_run_t:file getattr;
allow xdm_t virt_var_run_t:file getattr;

# audit2allow -a -M rtorrent_service.te
# semodule -i rtorrent_service.pp
	## rtorrent as a service
	# /etc/systemd/system/rtorrent.service
	[Unit]
	Description=rTorrent Daemon
	After=network.target

	[Service]
	Type=forking
	KillMode=none
	RemainAfterExit=true
	User=ryan
	Group=ryan
	ExecStart=/usr/bin/tmux -2 new-session -d -s rtorrent rtorrent
	ExecStop=/usr/bin/tmux kill-session -t rtorrent
	WorkingDirectory=/home/ryan
	#ExecStart=/usr/bin/tmux new-session -c /home/ryan/Torrents -s rtorrent -n rtorrent -d rtorrent
	#ExecStop=/usr/bin/bash -c "/usr/bin/tmux send-keys -t rtorrent C-q && while pidof rtorrent > /dev/null; do sleep 0.5; done"
	#WorkingDirectory=%h
	#Restart=on-failure

	[Install]
	WantedBy=default.target


	## SELinux Module

	# rtorrent_service.te


	module rtorrent_service 1.0;

	require {
	type user_tmp_t;
	type xdm_t;
	type screen_exec_t;
	type dhcpc_var_run_t;
	type avahi_t;
	type init_t;
	type devpts_t;
	type virt_var_run_t;
	type ptmx_t;
	class dbus send_msg;
	class file { create execute execute_no_trans getattr map open read write };
	class chr_file { ioctl open read write };
	}

	#============= init_t ==============
	allow init_t devpts_t:chr_file open;
	allow init_t ptmx_t:chr_file { ioctl open read write };
	allow init_t screen_exec_t:file { execute execute_no_trans map open read };
	allow init_t user_tmp_t:file { create write };

	#============= xdm_t ==============

	allow xdm_t avahi_t:dbus send_msg;
	allow xdm_t dhcpc_var_run_t:file getattr;
	allow xdm_t virt_var_run_t:file getattr;

	# audit2allow -a -M rtorrent_service.te
	# semodule -i rtorrent_service.pp