On Fri, 2006-12-01 at 10:32 -0500, Ryan Skadberg wrote: > So, I recently got an IBM Thinkpad T43 which has a fingerprint > scanner. I went here: > > http://www.thinkwiki.org/wiki/Script_for_enabling_the_fingerprint_reader > > And ran the script (knowing it said it would not work on FC6). > Looking at /var/log/messages, I see the reason things don't work is > because of SELinux. > > I turned on the setroubleshoot daemon and it tells me in the Allowing > Access section: > > -- > If you trust /opt/bioapi/lib/libtfmessbsp.so to run correctly, you can > change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t > /opt/bioapi/lib/libtfmessbsp.so" > > The following command will allow this access: > chcon -t textrel_shlib_t /opt/bioapi/lib/libtfmessbsp.so > -- > > After doing this, I ran the script again and got the same error again > :( What am I missing? Lucky for you, I have the same laptop, so I'm trying it out right now. Here's my guess: That script builds and installs libtfmessbsp.so for you, so when you run the script again, it recreates the file. Remember that 'chcon' just changes the SELinux context for a file, like chmod does for permissions. So if you reinstall the file, you lose your permission changes. This should be fixed by either: 1) rewriting the library to not require text relocations (hard) 2) packaging the libraries properly and including the right SELinux contexts in the RPM (better) 3) changing the script to do the 'chcon' after building and installing the libraries (easiest) Hope that helps, -w p.s. Good work using setroubleshoot to track this down - it makes everyone's life much easier!
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list