On Thu, 2008-09-25 at 23:38 -0400, Valdis.Kletnieks@xxxxxx wrote: > On Fri, 26 Sep 2008 00:31:09 +1000, James Morris said: > > > - Francis asked for a much-secure or safer workaround to the issue. > > Given that the driver is messing with kernel security, is also broken in > > its use of a security API, and not maintained, I'm certainly not going to > > recommend its continued use in this context. >From the perspective of security and safety, I agree with James in simply *not* using the fglrx driver, in favor of a VESA or compatible open-source device driver; however, that being said, it will essentially cripple the usage of the full range of the video card's capabilities. It is acceptable if I were to only be limited to simple text editing and low intensity graphics. However, it does mean that any photo-realistic and intense graphics manipulation will suffer, which I can live with for a little while, but not forever. > Given the fact it's a kernel BUG, I wonder if the *real* issue isn't > that the driver doesn't support SELinux, but that it doesn't understand > the expanded more-than-32-bits capabilities in recent kernels, causing > something to overlay something it shouldn't have... If this is the case, then I would be happy to tell AMD/ATI about this interface bug; however, I think that SELinux itself, Linux and the Open-source community should use incidences like this as further proof-of-application (versus proof-of-concept). At least, in this respect, there should be an opportunity for strengthening liason between *us* and the AMD/ATI team. Peace, Frank -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
