Re: with extended_socket_class should be still be seeing "socket"?

On Tue, Sep 12, 2017 at 1:36 PM, Dominick Grift wrote: > On Tue, Sep 12, 2017 at 12:01:35PM -0400, Stephen Smalley wrote: >> On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote: >> >> I have extended socket class polcap enabled but i am still seeing

Re: with extended_socket_class should be still be seeing "socket"?

On Tue, Sep 12, 2017 at 12:01:35PM -0400, Stephen Smalley wrote: > On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote: > > I have extended socket class polcap enabled but i am still seeing "socket" > class events and i was wondering whether that is to be expected? > > avc:

Re: with extended_socket_class should be still be seeing "socket"?

On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote: I have extended socket class polcap enabled but i am still seeing "socket" class events and i was wondering whether that is to be expected? avc: denied { create } for pid=10484 comm="nethogs" scontext=wheel.id:

with extended_socket_class should be still be seeing "socket"?

I have extended socket class polcap enabled but i am still seeing "socket" class events and i was wondering whether that is to be expected? avc: denied { create } for pid=10484 comm="nethogs" scontext=wheel.id:sysadm.role:nethogs.subj:s0 tcontext=wheel.id:sysadm.role:nethogs.subj:s0