--- Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
> On Fri, 2004-06-25 at 14:50, Earl wrote:
> > All,
> >
> > I'm just learning so forgive the trivial nature of
> the
> > question:
> >
> > FC2, Installed VMWare workstation 4.5x, unable to
> run
> > configuration script, just "yum-ed" so I'm up to
> date,
> > relableled, rebooted, still cannot run
> configuration
> > script...
> > [root@host root]# id
> > uid=0(root) gid=0(root)
>
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > context=root:sysadm_r:sysadm_t
> > [root@host root]# /usr/bin/vmware-config.pl
> > Can't open perl script
> "/usr/bin/vmware-config.pl":
> > Permission denied
> > [root@host root]# ls -Z /usr/bin/vmware-config.pl
> > -r-xr-xr-x+ root root
> > system_u:object_r:vmware_exec_t
> > /usr/bin/vmware-config.pl
> >
> > Looks like a context problem to me but I am unsure
> > what to change... my context, that of the script
> > itself or modify context files and relabel?
> >
> > I have the docs, have been reading, but I have not
> > been able to understand some of the genreal
> concepts.
> >
> > Any advice will be appreciated.
>
> audit2allow -d -l | grep vmware_t should show you
> the relevant missing
> allow statements from the policy. On FC2, you can
> then add them to your
> policy by doing the following:
>
> yum install policy-sources
> cd /etc/security/selinux/src/policy
> audit2allow -d -l | grep vmware_t >>
> domains/misc/local.te
> make load
Already had policy-sources.
Did the rest, no I get:
# /usr/bin/vmware-config.pl
Setup is unable to find the "more" program on your
machine. Please make sure it is installed. Do you
want to specify the location of this program by hand?
[yes]
What is the location of the "more" program on your
machine? /bin/more
The answer "/bin/more" is invalid. It must be the
complete name of a binary file.
# ls -Z /bin/more
-rwxr-xr-x+ root root system_u:object_r:bin_t
/bin/more
> But I'm not clear that vmware-config.pl should be
> labeled vmware_exec_t
> at all (vs. bin_t). What is the advantage of
> running the configuration
> script in vmware_t vs. sysadm_t? There are no type
> transition rules for
> vmware_t (except for /var/run files), so it doesn't
> help keep the
> configuration in the right type.
>
> --
> Stephen Smalley <sds@xxxxxxxxxxxxxx>
> National Security Agency
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
