Re: SELinux fails to apply local policy module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/14/2013 06:38 PM, Suvayu Ali wrote:
> Hi,
> 
> I use CrossOver (based on Wine) to run a Windows game.  Everytime CrossOver
> runs something, I get this avc denial.
> 
> SELinux is preventing wine-preloader from mmap_zero access on the 
> memprotect .
> 
> Raw Audit Messages from sealert:
> 
> type=AVC msg=audit(1365802456.473:13663): avc: denied { mmap_zero } for
> pid=24734 comm="wine-preloader" 
> scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect
> 
> So I tried following the instructions to generate a local policy module:
> 
> # grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol #
> semodule -i mypol.pp
> 
> But this fails like this:
> 
> libsepol.scope_copy_callback: passanger: Duplicate declaration in module:
> type/attribute passenger_tmp_t (No such file or directory). 
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).  semodule: Failed!
> 
> So I have two questions, 1. is something missing in my system that the
> above fails? 2. is there a better way to resolve this other than generating
> a local policy module?
> 
> Thanks in advance,
> 
> PS: I am almost clueless about SELinux, so please bear with me.
> 

Does your application work?  If yes then no  reason to allow this avc.

Looks like you have an old policy module that has crufted up your system.

locate passanger.pp

Try

semodule -r passanger

What OS is this?  rhel6?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFsI0gACgkQrlYvE4MpobNFAgCbBNHVHEGve4Ri0MfkU4nhB2jS
n5cAnRb9XWZ/9dQ/zj7KMA16vZZfVQdh
=C/GG
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux