>>> hmm... i am not sure about this but maybe: >>> >>> role system_r types setfiles_mac_t; >>> >>> helps here.. >>> >>> >> What do you mean? >> > > Add that rule to the running policy: > > > policy_module(myseutils, 1.0.0) > gen_require(` > type setfiles_mac_t; > role system_r; > ') > role system_r types setfiles_mac_t; > > ... > make -f /usr/share/selinux/devel/Makefile myseutils.pp > sudo semodule -i myseutils.pp > > Again, this is a shot in the dark... > YES! This did the trick - no errors and when I log in with qemu and type "semanage port -l | grep ssh" I am getting my own port and nothing else (I did just one modification to see whether it will work). Brilliant! -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
