Hi Daniel,

On Mon, Apr 15, 2013 at 08:56:56AM -0700, Daniel J Walsh wrote:
>
> Does your application work? If yes then no reason to allow this avc.

It takes a while to start, but my application does work. Is it then possible to just ignore the alerts for this particular case. I would also prefer not to mess with my policies, lack of understanding being the main reason.

That said, I do have another similar problem with a game in steam:

SELinux is preventing /home/user/.local/share/Steam/ubuntu12_32/steam from using the execheap access on a process.

Raw Audit Messages:

type=AVC msg=audit(1365646731.47:8579): avc: denied { execheap } for pid=6561 comm="steam" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process

type=SYSCALL msg=audit(1365646731.47:8579): arch=i386 syscall=capget success=no exit=EACCES a0=a937000 a1=c000 a2=7 a3=ffbe844c items=0 ppid=1804 pid=6561 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 ses=2 tty=pts9 comm=steam exe=/home/jallad/.local/share/Steam/ubuntu12_32/steam subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: steam,unconfined_t,unconfined_t,process,execheap

This time however, the application does not work. Again, adding the custom policy fails in exactly the same manner.

> Looks like you have an old policy module that has crufted up your system.

This is up to date F18: selinux-policy-3.11.1-87.fc18.noarch.

> locate passanger.pp

This does not return anything.

> semodule -r passanger

libsepol.scope_copy_callback: qpidd: Duplicate declaration in module: type/attribute qpidd_var_lib_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!

The only time I messed with SELinux was when I installed a few custom file contexts for a change root environment I use for my work.

# semanage -o fcontext
boolean -D
login -D
login -a -s unconfined_u -r 's0-s0:c0.c1023' __default__
login -a -s unconfined_u -r 's0-s0:c0.c1023' root
login -a -s system_u -r 's0-s0:c0.c1023' system_u
user -D
port -D
interface -D
node -D
fcontext -D
fcontext -a -f 'directory' -t root_t '/home/slc5'
fcontext -a -f 'directory' -t mnt_t '/home/slc5/afs'
fcontext -a -f 'directory' -t lib_t '/home/slc5/lib64'
fcontext -a -f 'all files' -t lib_t '/home/slc5/lib64.*'
fcontext -a -f 'directory' -t usr_t '/home/slc5/local'
fcontext -a -f 'all files' -t usr_t '/home/slc5/local.*'
fcontext -a -e /home/slc5/media /media
fcontext -a -e /home/slc5/tmp /tmp
fcontext -a -e /home/slc5/proc /proc
fcontext -a -e /home/slc5/root /root
fcontext -a -e /home/slc5/dev /dev
fcontext -a -e /home/slc5/sys /sys
fcontext -a -e /home/slc5/selinux /selinux
fcontext -a -e /home/slc5/srv /srv
fcontext -a -e /home/slc5/opt /opt
fcontext -a -e /home/slc5/etc /etc
fcontext -a -e /home/slc5/var /var
fcontext -a -e /home/slc5/home /home
fcontext -a -e /home/slc5/mnt /mnt
fcontext -a -e /home/slc5/boot /boot
fcontext -a -e /home/slc5/bin /bin
fcontext -a -e /home/slc5/sbin /sbin
fcontext -a -e /home/slc5/lib /lib
fcontext -a -e /home/slc5/usr /usr

> What OS is this? rhel6?

F18.

Thanks in advance.

--
Suvayu

Open source is the future. It sets us free.