> >> Hello. For quite some time I have this avc denial
> at boot time:
> >>
> >> f17 kernel: [ 24.589672] type=1400
> audit(1348484525.104:4): avc:
> >> denied { mmap_zero } for pid=449
> comm="vbetool"
> >>
> scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
> >> tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
> tclass=memprotect
> >>
> >> I know it's for vbetool but it comes right after
> the video driver module
> >> is loaded (don't know if it makes sense).
> >>
> >> Should I leave it alone? Should I report to
> selinux-policy-targeted as a
> >> bug? Or maybe create some policy to work around
> that?
> >
> > The policy configuration supports two options:
> >
> > 1. silently deny this: setsebool -P
> vbetool_mmap_zero_ignore on
> >
> > or
> >
> > 2. allow this: setsebool -P mmap_low_allowed on
> >
> >
> >
>
> A better solution is probably
>
> yum remove vbetool
>
> Since most people do not need it.
Thank you both.
I installed vbetool some time ago to troubleshoot suspend/hibernate issues.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
