Running iotop as sysadm_r

Miroslav Grepl mgrepl at redhat.com
Mon Apr 20 08:13:03 UTC 2015


On 04/20/2015 01:21 AM, William wrote:
> 
>>>
>>> optional_policy(`
>>>         iotop_run(sysadm_t, sysadm_r)
>>> ')
>> Yes, this is the correct way to make it work.
>>>
>>> I think that I'm missing something related to the sysadm_r roles. What's
>>> the correct way to edit the policy to allow sysadm_r to run iotop_t
>>> correctly? Tips would be appreciated.
>>>
>>>
>> It's about netlink_socket against netlink_route_socket. You need to also add
>>
>> allow iotop_t self:netlink_socket create_socket_perms;
>>
>> I added it to Fedora.
>>
>>
> 
> Thanks for looking into this. What's the commit link so I can have a
> look at what you added?
> 
> 
https://github.com/fedora-selinux/selinux-policy/commit/fb187f901807bd02246dea575df21666a338bb86

-- 
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.

