Tvheadend

I'm genuinely clueless here - I've learned something new, in that I didn't even know about SELinux! - but this page seems good:

https://wiki.gentoo.org/wiki/SELinux/Tutorials/Permissive_versus_enforcing

as does:

http://wiki.centos.org/HowTos/SELinux

It suggests that permissive mode should log what would otherwise have been blocked; also ls -Z and ps -Z should give you the SELinux information you need. I'm guessing based on five minutes on Google, though: whether any of this will give you enough information to work out what domain (context?) you need to enable (e.g. based on userID), I can't say.

The problem appears to be SELinux prevents a process (avahi-daemon) with type avahi_t from send_msg to a process (tvheadend) of type init_t. This can easily be fixed by creating a custom policy using audit2allow -M custom_policy_name <file_containing_avc. However, I don't think tvheadend should be running with type init_t instead I believe it should be initrc_t, a type avahi_t can send_msg to with the default SELinux policies. Unfortunately I do not know why my tvheadend service's process runs as type init_t and I do not know how to change that. Current only two processes run on my system as type init_t, those are tvheadend and systemd. That especially makes me feel like tvheadend should not be running as type init_t, but I am no expert on SELinux process types.

I found the answer to this problem on the serverfault forums. Check out this very informative explanation of the problem. Ultimately it seems an SELinux policy should be written for tvheadend. Until then the solution provided in the link works exactly as described without turning off SELinux, running any processes in permissive mode, or modifying/adding policies.