> add these two: > > openct_stream_connect(local_login_t) > > # assuming it may also want to stream connect to openct, in either case > this is the only existing interface that allows access to write > openct_var_run_t pid sock files. > > openct_signull(local_login_t) > There you go, thank you! There is one slight problem with this though - the above 3 macros (openct_read_pid_files, openct_stream_connect and openct_signull) CANNOT be directly inserted in locallogin.te as locallogin is a 'base' module (part of the policy) as openct is just a 'module' and if the above 3 macros are in locallogin.te that will produce out-of-scope error, so I do not know how this is going to be resolved without additional module or doing something else - my knowledge is still not enough to figure it out... -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
