Matthew Saltzman wrote:
On Mon, 3 Apr 2006, Tom London wrote:
On 4/3/06, Matthew Saltzman <mjs@xxxxxxxxxxxxxxx> wrote:
Running vmware workstation in FC5 with
selinux-policy-targeted-2.2.25-2.fc5
produces the error:
$ vmware
/usr/lib/vmware/bin/vmware: error while loading shared
libraries:
/usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0:
cannot
restore segment prot after reloc: Permission denied
and the AVC:
Apr 3 09:38:05 kernel: audit(1144071485.547:433): avc: denied
{ execmod } for pid=21419 comm="vmware"
name="libgdk-x11-2.0.so.0"
dev=dm-0 ino=1343530 scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
--
Matthew Saltzman
Try
chcon -t textrel_shlib_t
/usr/lib/vmware/lib/libgdk-x11-2.0.so,0/libgdk-x11-2.0.so.0
Thanks, that did it. Is this something that can go in
selinux-policy-targeted, or is it something that VMware needs to take
care of?
We can take care of the file context to allow it, but vmware should fix
there library to not need it, if possible.
http://people.redhat.com/drepper/selinux-mem.html
explains what execmod means.
Dan
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
