On 04/20/2015 01:21 AM, William wrote: > >>> >>> optional_policy(` >>> iotop_run(sysadm_t, sysadm_r) >>> ') >> Yes, this is correct way how to make it working. >>> >>> I think that i'm missing something related to the sysadm_r roles. What's >>> the correct way to edit the policy to allow sysadm_r to run iotop_t >>> correctly? Tips would be appreciated. >>> >>> >> It's about netlink_socket against netlink_route_socket. You need to also add >> >> allow iotop_t self:netlink_socket create_socket_perms; >> >> I added it to Fedora. >> >> > > Thanks for looking into this. What's the commit link so I can have a > look at what you added? > > https://github.com/fedora-selinux/selinux-policy/commit/fb187f901807bd02246dea575df21666a338bb86 -- Miroslav Grepl Software Engineering, SELinux Solutions Red Hat, Inc. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
