-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/14/2013 06:38 PM, Suvayu Ali wrote: > Hi, > > I use CrossOver (based on Wine) to run a Windows game. Everytime CrossOver > runs something, I get this avc denial. > > SELinux is preventing wine-preloader from mmap_zero access on the > memprotect . > > Raw Audit Messages from sealert: > > type=AVC msg=audit(1365802456.473:13663): avc: denied { mmap_zero } for > pid=24734 comm="wine-preloader" > scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect > > So I tried following the instructions to generate a local policy module: > > # grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol # > semodule -i mypol.pp > > But this fails like this: > > libsepol.scope_copy_callback: passanger: Duplicate declaration in module: > type/attribute passenger_tmp_t (No such file or directory). > libsemanage.semanage_link_sandbox: Link packages failed (No such file or > directory). semodule: Failed! > > So I have two questions, 1. is something missing in my system that the > above fails? 2. is there a better way to resolve this other than generating > a local policy module? > > Thanks in advance, > > PS: I am almost clueless about SELinux, so please bear with me. > Does your application work? If yes then no reason to allow this avc. Looks like you have an old policy module that has crufted up your system. locate passanger.pp Try semodule -r passanger What OS is this? rhel6? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlFsI0gACgkQrlYvE4MpobNFAgCbBNHVHEGve4Ri0MfkU4nhB2jS n5cAnRb9XWZ/9dQ/zj7KMA16vZZfVQdh =C/GG -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org