Hello! I created a small server app module that I included a custom socket type in:

    type plazerine_socket_t;
    typeattribute plazerine_socket_t file_type, non_auth_file_type, non_security_file_type;

This is for a unix local stream socket, for which there is a file context rule:

    semanage fcontext -a -t plazerine_socket_t /usr/local/etc/plazerine/msgin

The server executable is labeled 'plazerine_exec_t', and the process derived from it transitions to 'plazerine_t'. However, when it creates and opens the socket, the file always ends up typed `plazerine_exec_t` (requiring various socket-oriented permissions on that type).

There's no AVC denial to interpret (which is how I've mostly found my way around), and this isn't deal-breaking for me -- in a sense having a separate type for the socket may be sort of redundant. OTOH, it would provide some more fine-grained depending on how complex the system using the exec type is.

Is there a right way to do this? I notice via `seinfo -t` there is a handful of what seem by name to be custom socket types, and they are defined typeattribute-wise the same way I've done it above.

This is on a policy v.33 Fedora system, targeted, enforcing.

- MK