On Sep 14, 2006, at 4:30 PM, redhatdude@xxxxxxxxxxxxx wrote:
On Sep 14, 2006, at 4:14 PM, Stephen Smalley wrote:
On Thu, 2006-09-14 at 16:03 -0400, redhatdude@xxxxxxxxxxxxx wrote:
These are the errors I got
type=AVC msg=audit(1158255182.936:396): avc: denied { execmod }
for pid=7074 comm="X" name="fglrx_drv.so" dev=dm-0 ino=2328943
scontext=user_u:system_r:xdm_xserver_t:s0
tcontext=user_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1158255182.936:396): arch=40000003
syscall=125
success=no exit=-13 a0=f64000 a1=661000 a2=5 a3=bfeb46d0
items=0 pid=7074 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=tty7 comm="X" exe="/usr/bin/Xorg"
subj=user_u:system_r:xdm_xserver_t:s0
type=AVC_PATH msg=audit(1158255182.936:396): path="/usr/lib/xorg/
modules/drivers/fglrx_drv.so"
Ok, looks like this one has already been added to upstream policy.
You should be able to do the following:
# /usr/sbin/semanage fcontext -a -t textrel_shlib_t /usr/lib/xorg/
modules/drivers/fglrx_drv.so
# /sbin/restorecon -v /usr/lib/xorg/modules/drives/fglrx_drv.so
This marks the DSO as requiring text relocations.
--
Stephen Smalley
National Security Agency
Hi Stephen,
Thanks for helping.
Well. I ran those commands in the terminal and the avc errors are
gone from the audit.log. However, I lost the display. KDM starts
but all I get is a blank screen with or without selinux.
EJ.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Nevermind, I ran the configuration utility for ati ( aticonfig ) and
restarted kdm. Now everything works perfectly.
Thanks a lot for the help.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
