From Fedora Project Wiki
RPM Package and SELinux
There probably should be two separate SELinux policy modules for the two different ways Bitcoin Core is used.
- System Service bitcoind
- Should have its datadir somewhere like %{_datadir}bitcoind/ which expands to /var/lib/bitcoind/
- Config file
%config(noreplace) %{_datadir}/bitcoind/bitcoin.confwith wallet disabled by default, but they could enable it with wallet=1 if they really want it. - With system username like:
bitcoinservice - Wrapper should launch bitcoind in a context named like:
bitcoindservice_t - %doc README-FEDORA-BITCOIN-SERVICE should probably explain how the service is meant to be configured, used and controlled with bitcoin-cli or RPC/REST interfaces as the non-default datadir does not match upstream documentation and it thus may be non-obvious to users.
- User service bitcoind and bitcoin-qt
- The most common way in which Bitcoin Core users run their own bitcoind or bitcoin-qt with is as a non-root user with datadir
~/.bitcoin/. - There should be a separate user homedir SELinux policy for bitcoind and bitcoin-qt operated in this manner.
- The most common way in which Bitcoin Core users run their own bitcoind or bitcoin-qt with is as a non-root user with datadir