On Mon, 9 Oct 2017, Stephen Smalley wrote:

> On Oct 8, 2017 9:54 PM, "James Morris" <jmorris@xxxxxxxxx> wrote:
>
> On Thu, 5 Oct 2017, Stephen Smalley wrote:
>
> > inet_socket test failures are expected due to running in a non-init
> > network namespace; they don't work even without unsharing the selinux
> > namespace.
>
> Do these results all look as expected?
>
>
> No, that suggests that you either didn't insert the policy module allowing
> access to unlabeled fds or you didn't run restorecon -R /dev before running
> the tests. The only expected failures are the inet socket ones.
>

Looking better now -- I think it was the restorecon.

--
James Morris
<jmorris@xxxxxxxxx>