On Wed, 2005-05-18 at 07:32 +0100, Paul wrote:
> One interesting thing on the logs...
>
> audit(1116372981.492:0): avc: denied {execmod} for
> path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda5 ino=263999
> scotext=system_u:system_r:initrc_t tcontext=root:object_r:lib_t
> tclass=file
>
> Is SELinux objecting to it and if it is, how do I fix it? I have SELinux
> set to Permissive - Targetted.
chcon -t texrel_shlib_t /usr/lib/tls/libnvidia-tls.so.1.0.7174
This marks the shared object as requiring text relocation, and thus
allows it to happen in the policy (if allow_execmod boolean is
active; /usr/sbin/getsebool allow_execmod).
Looks like the policy needs to be updated as the existing regex for
nvidia in types.fc doesn't cover this case (it seems to assume that they
live in a nvidia subdirectory).
--
Stephen Smalley
National Security Agency