Running latest rawhide, targeted enforcing.
I updated VMware from VMware-workstation-5.5.2-29772.i386.rpm to
VMware-workstation-5.5.3-34685.i386.rpm.
New VMware will not run in enforcing mode, but will in permissive
mode. Here is console output from enforcing mode:
[tbl@localhost ~]$ vmware
GTK Accessibility Module initialized
process 4409: Applications must not close shared connections - see
dbus_connection_close() docs. This is a bug in the application.
D-Bus not built with -rdynamic so unable to print a backtrace
GTK Accessibility Module initialized
/usr/lib/vmware/bin/vmware: symbol lookup error: /usr/lib/libspi.so.0:
undefined symbol: atk_hyperlink_impl_get_type
[tbl@localhost ~]$
In permissive mode:
[tbl@localhost ~]$ vmware
GTK Accessibility Module initialized
[tbl@localhost ~]$
In permissive mode, produces many (e.g., >1000) AVCs trying to access
DBUS. Here are 2 of them:
type=USER_AVC msg=audit(1164639327.028:1041): user pid=2165 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:
denied { send_msg } for msgtype=method_call
interface=org.freedesktop.Hal.Device member=PropertyExists
dest=org.freedesktop.Hal spid=4488 tpid=2652
scontext=user_u:system_r:unconfined_execmem_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=dbus :
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1164639327.028:1042): user pid=2165 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:
denied { send_msg } for msgtype=method_return dest=:1.25 spid=2652
tpid=4488 scontext=system_u:system_r:hald_t:s0
tcontext=user_u:system_r:unconfined_execmem_t:s0 tclass=dbus :
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
or
allow hald_t unconfined_execmem_t:dbus send_msg;
allow unconfined_execmem_t hald_t:dbus send_msg;
Make sense to add?
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
