> > > > optional_policy(` > > iotop_run(sysadm_t, sysadm_r) > > ') > Yes, this is correct way how to make it working. > > > > I think that i'm missing something related to the sysadm_r roles. What's > > the correct way to edit the policy to allow sysadm_r to run iotop_t > > correctly? Tips would be appreciated. > > > > > It's about netlink_socket against netlink_route_socket. You need to also add > > allow iotop_t self:netlink_socket create_socket_perms; > > I added it to Fedora. > > Thanks for looking into this. What's the commit link so I can have a look at what you added? -- William <william@xxxxxxxxxxxxxxx> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
