Hello, It seems I have to use Teamviewer. I downloaded and installed it. Now I'm trying to put together a policy module to make it run without putting SELinux in permissive mode. This program uses a daemon, and for this I've created a new domain: type teamviewerd_t; type teamviewerd_exec_t; init_daemon_domain(teamviewerd_t, teamviewerd_exec_t) /opt/teamviewer/tv_bin/teamviewerd -- gen_context(system_u:object_r:teamviewerd_exec_t,s0) Then I started to add "allow" rules. Ausearch tells me I get an AVC when "init_t" tries to use "execmem". I'm guessing this is because the execmem test is done before the type transition happens. Obviously, I don't want to allow init_t the execmem permission in general. Is there some good way around this? My best idea so far is to create a wrapper binary, give this wrapper the teamviewerd_exec_t type, and let it do exec() on the real teamviewerd program. But it feels a bit clumsy. Are there more direct ways to do it? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx