Hi all, At this point i'm still trying to use SELINUX to "contain" vmware player, making it run in targeted mode. I'm still rather new to this but through the help of Ken, i've been able to manipulate modules and get it to "affect" the vmware player but at this point my vmware player is still "broken". Would anyone be able to share their configurations (.te,.fc,.if) file if you've managed to get it to work with vmware player or vmware-workstation 6 ? CUrrently i'm working with Fedora 7 but intend to port it back to RHEL 5. I've downloaded the latest reference policy from oss and examined the vmware relevant files. From examining the vmware.fc and "/etc/selinux/targeted/modules/active/file_context", seems like the vmware.fc file could have been written for an older/different version of vmware where the vmnet devices are at /dev/vmnet.* instead of /dev/vmnet* found in vmplayer 2/workstation 6. Which version was it written for? I went on to modify the vmware.fc file and managed to compile and load the vmware.pp module. But currently this affected the vmware services at startup, e.g. vmnet-dhcpd. For vmware, when something fails to start, it would ask me to rum vmware-config.pl again when i restart it. Doing this would recreate the /dev/vmnet* files over again but it will not have the right context, defaulting to "device_t" instead of "vmware_device_t" that i have modified. The line in my vmware.fc looks like this: /dev/vmnet0 -- gen_context(system_u:object_r:vmware_device_t,s0) /dev/vmnet1 -- gen_context(system_u:object_r:vmware_device_t,s0) /dev/vmnet8 -- gen_context(system_u:object_r:vmware_device_t,s0) I was thinking that if the script has created a new /dev/vmnet file it would automatically use the vmware_device_t context but it didn't. Did i miss out anything? What is the two "--" on the line mean? are they significant? Sorry about the long post, any help or advice? Thanks. Louis Send instant messages to your online friends http://uk.messenger.yahoo.com -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
