Re: [clueless-user]Should I ignore or report this avc denial?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Sep 26, 2012 at 03:40:32PM -0700, Sergio wrote:
> Hello.
> For quite some time I have this avc denial at boot time:
> 
> f17 kernel: [   24.589672] type=1400 audit(1348484525.104:4): avc:  denied  { mmap_zero } for  pid=449 comm="vbetool" scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tclass=memprotect
> 
> I know it's for vbetool but it comes right after the video driver module is loaded (don't know if it makes sense).
> 
> Should I leave it alone? Should I report to selinux-policy-targeted as a bug? Or maybe create some policy to work around that?

The policy configuration supports two options:

1. silently deny this: setsebool -P vbetool_mmap_zero_ignore on

or

2. allow this: setsebool -P mmap_low_allowed on



> 
> Thank you.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Attachment: pgpMpROkhnh0X.pgp
Description: PGP signature

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux