-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/27/2012 04:21 AM, Dominick Grift wrote:
> On Wed, Sep 26, 2012 at 03:40:32PM -0700, Sergio wrote:
>> Hello. For quite some time I have this avc denial at boot time:
>>
>> f17 kernel: [ 24.589672] type=1400 audit(1348484525.104:4): avc:
>> denied { mmap_zero } for pid=449 comm="vbetool"
>> scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
>> tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tclass=memprotect
>>
>> I know it's for vbetool but it comes right after the video driver module
>> is loaded (don't know if it makes sense).
>>
>> Should I leave it alone? Should I report to selinux-policy-targeted as a
>> bug? Or maybe create some policy to work around that?
>
> The policy configuration supports two options:
>
> 1. silently deny this: setsebool -P vbetool_mmap_zero_ignore on
>
> or
>
> 2. allow this: setsebool -P mmap_low_allowed on
>
>
>
>>
>> Thank you. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
A better solution is probably
yum remove vbetool
Since most people do not need it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBkOUgACgkQrlYvE4MpobMNfQCgl8a6nd7FVvghxniPQoOjPk1I
AuUAn3whlGSMhhobvr7SikxiVC9NcO9p
=0/Ab
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
