rtorrent as a systemd service (with selinux module)

gistfile1.txt

## rtorrent as a service
# /etc/systemd/system/rtorrent.service
[Unit]
Description=rTorrent Daemon
After=network.target

[Service]
Type=forking
KillMode=none
RemainAfterExit=true
User=ryan
Group=ryan
ExecStart=/usr/bin/tmux -2 new-session -d -s rtorrent rtorrent
ExecStop=/usr/bin/tmux kill-session -t rtorrent
WorkingDirectory=/home/ryan
#ExecStart=/usr/bin/tmux new-session -c /home/ryan/Torrents -s rtorrent -n rtorrent -d rtorrent
#ExecStop=/usr/bin/bash -c "/usr/bin/tmux send-keys -t rtorrent C-q && while pidof rtorrent > /dev/null; do sleep 0.5; done"
#WorkingDirectory=%h
#Restart=on-failure

[Install]
WantedBy=default.target


## SELinux Module

# rtorrent_service.te


module rtorrent_service 1.0;

require {
        type user_tmp_t;
        type xdm_t;
        type screen_exec_t;
        type dhcpc_var_run_t;
        type avahi_t;
        type init_t;
        type devpts_t;
        type virt_var_run_t;
        type ptmx_t;
        class dbus send_msg;
        class file { create execute execute_no_trans getattr map open read write };
        class chr_file { ioctl open read write };
}

#============= init_t ==============
allow init_t devpts_t:chr_file open;
allow init_t ptmx_t:chr_file { ioctl open read write };
allow init_t screen_exec_t:file { execute execute_no_trans map open read };
allow init_t user_tmp_t:file { create write };

#============= xdm_t ==============

allow xdm_t avahi_t:dbus send_msg;
allow xdm_t dhcpc_var_run_t:file getattr;
allow xdm_t virt_var_run_t:file getattr;

# audit2allow -a -M rtorrent_service.te
# semodule -i rtorrent_service.pp