Roman wrote:
> Hello
>
> ~$ uname -a
> Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u1 x86_64 GNU/Linux
>
>
> <kernel> /bin/netstat
> use_profile 3
> use_group 0
>
>
> initialize_domain /bin/netstat from any
>
> ->
>
> ~$ netstat
> bash: /bin/netstat: Operation not permitted
>
> Good
>

Not good at all. Imagine the following case.

  $ cat /bin/netstat > /tmp/netstat
  $ chmod +x /tmp/netstat
  $ /tmp/netstat

> But
>
> ~$ /lib64/ld-linux-x86-64.so.2 /bin/netstat
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 local:42109 la-in-f188.1e100.n:5228 ESTABLISHED
> .....
>
> How fix it?
>

If you want to fix it, you need to stop using blacklisting.
Blacklisting is by nature so easy to bypass.

That said, the following is a placebo.

  <kernel> /lib64/ld-linux-x86-64.so.2
  use_profile 3
  use_group 0

  initialize_domain /lib64/ld-linux-x86-64.so.2 from any
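
A simplified model of the point made in the reply above, as an added example that is not part of the original message and is not TOMOYO's policy engine: each attempt from the thread is reduced to the pathname passed to execve(), then checked against the original deny list, the deny list extended with the loader, and an allow list. The contents of `ALLOWED` are a hypothetical allow list chosen for illustration.

```python
# Simplified model (an assumption, not TOMOYO's implementation): the exec
# decision is keyed only on the pathname the kernel sees at execve() time.
LOADER = "/lib64/ld-linux-x86-64.so.2"

# The three attempts from the thread: (command as typed, pathname executed).
ATTEMPTS = [
    ("netstat", "/bin/netstat"),
    ("/tmp/netstat", "/tmp/netstat"),      # same bytes, different pathname
    (LOADER + " /bin/netstat", LOADER),    # netstat is only read and mapped
]


def deny_list_allows(denied, exec_path):
    """Blacklisting: everything runs unless its pathname is listed."""
    return exec_path not in denied


def allow_list_allows(allowed, exec_path):
    """Whitelisting: nothing runs unless its pathname is listed."""
    return exec_path in allowed


def surviving(decide, rules):
    """Return the typed commands that still execute under the given rules."""
    return [typed for typed, path in ATTEMPTS if decide(rules, path)]


ORIGINAL_DENY = {"/bin/netstat"}          # the policy in the question
PLACEBO_DENY = ORIGINAL_DENY | {LOADER}   # the "placebo" from the reply
ALLOWED = {"/bin/ls", "/bin/cat"}         # hypothetical allow list

if __name__ == "__main__":
    cases = [
        ("deny /bin/netstat", deny_list_allows, ORIGINAL_DENY),
        ("deny netstat + loader", deny_list_allows, PLACEBO_DENY),
        ("allow list only", allow_list_allows, ALLOWED),
    ]
    for label, decide, rules in cases:
        print(f"{label:24} still runs: {surviving(decide, rules)}")
```

Each entry added to the deny list removes one route and leaves the copied binary untouched, while the allow list rejects all three attempts without naming any of them.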