Clifford Snow wrote:
On Thu, 2006-07-06 at 17:14 -0700, Clifford Snow wrote:
I received a reply that Fedora uses metacity as a windows manager.
metacity isn't a running process. /var/log/messages gives:
Localhost kernel: audit(1152216505.513:285): avc: denied {execmem } for
pid=2408 com="metacity" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Is this an error of metacity or a problem with selinux?
Therein lies the problem. SELinux policy is preventing metacity from
executing due to user space security checks that the policies in FC5 and
above with rawhide adding more. More details at
http://fedora.redhat.com/docs/selinux-faq-fc5/#faq-entry-unconfined_t
and http://danwalsh.livejournal.com/6117.html It probably requires fixes
in metacity code or otherwise explicitly allow this in policy. Kindly
file a bug report with the version and log details in
http://bugzilla.redhat.com against the SELinux component.
Rahul
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list