On Thu, 2009-08-06 at 00:15 -0400, Ryan Gandy wrote:
> Oops. Hit the wrong button by mistake, here you go. Whole stack of
> AVC denials.
>
> Aug 3 16:39:41 TechComm kernel: type=1400
> audit(1249331981.357:15701): avc: denied { mmap_zero } for pid=3752
> comm="wine-preloader" scontext=staff_u:staff_r:
> staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023
> tclass=memprotect
> Aug 3 16:39:41 TechComm kernel: type=1400
> audit(1249331981.357:15702): avc: denied { execmem } for pid=3752
> comm="wine-preloader" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023
> tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tclass=process
> Aug 3 16:39:41 TechComm kernel: type=1400

Hmm...so there is no transition defined from the confined user domains
to wine_t, only from unconfined_t. That is likely intentional since
wine_t is unconfined under targeted policy (there is an
unconfined_domain_noaudit() call in wine.te).

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
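Both complete denials in the thread carry staff_t as source and target domain for wine-preloader, which is how a missing transition to wine_t shows up in the log. The following is an added example, not part of the original thread: it parses AVC denials and reports the domain each command was running in. The sample lines are constructed from the two quoted denials with the mail wrapping undone, and the function names are hypothetical.

```python
import re

# Constructed sample: the two complete denials quoted in the thread, with the
# mail client's line wrapping undone, plus the truncated third line as quoted.
SAMPLE_LOG = """\
Aug 3 16:39:41 TechComm kernel: type=1400 audit(1249331981.357:15701): avc: denied { mmap_zero } for pid=3752 comm="wine-preloader" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tclass=memprotect
Aug 3 16:39:41 TechComm kernel: type=1400 audit(1249331981.357:15702): avc: denied { execmem } for pid=3752 comm="wine-preloader" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tclass=process
Aug 3 16:39:41 TechComm kernel: type=1400
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type (third field) of a user:role:type[:range] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC denial; return None for truncated or non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }

def domains_by_command(log_text):
    """Map each command name to the set of domains it was denied in."""
    seen = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            seen.setdefault(rec["comm"], set()).add(rec["source_type"])
    return seen

if __name__ == "__main__":
    for comm, domains in domains_by_command(SAMPLE_LOG).items():
        print(comm, "ran in", sorted(domains))
```

A command that appears only under a user domain such as staff_t never left the caller's domain, so its denials are evaluated against the confined user's policy rather than wine_t's.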