Re: Beta on Beta: VMware Workstation 7 RC on F12B?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/25/2009 4:59 PM, Christopher A. Williams wrote:
> On Sun, 2009-10-25 at 15:47 -0400, David wrote:
>> On 10/25/2009 2:22 PM, James Cassell wrote:
>>
>>
>> WOW! What a concept!
>>
>> In order to run a closed source 3rd party application that is
>> misbehaving I will disable one of the very things that helps to protect
>> my system from misbehaving 3rd party applications.
> 
> First, thanks to James for helping me solve the problem. Switching to
> permissive mode allowed Workstation to install and run without any
> further problems.
> 
> Next, the *concept* is actually this:
> We're running B-E-T-A software here. That means we must do things to
> find out how ALL software works on it, regardless of its license. This
> isn't a misbehaving 3rd party closed source application. It's a 3rd
> party application which is making a request that the selinux targeted
> policy doesn't know anything about. We switch to permissive mode to flag
> the issue in selinux and then report it. The selinux people then are
> able to troubleshoot and resolve the problem by updating the targeted
> policy accordingly.
> 
> So - to the the selinux folks: The issue appears to be that VMware
> Workstation 7 RC is requesting access to portrelease, which makes sense
> when you think of how it needs to set up virtual networks. Looks like it
> may also be happening in F11. The fix is to create a policy for this to
> be allowed for this application.
> 
> I will try to collect the bug and file a BZ for it next opportunity.


Simple example.

I lock my front door to protect my home and family. Every time I try to
unlock my front door it sticks. It is a new, untested lock. So I disable
the lock? Or adjust the locks behavior by asking for expert help?


I was referring to him and his solution. Not you. But then you agreed
with his solution.

The proper solution would be the Bugzilla report that you mentioned
and/or asking the nice folks (read experts here) on the Fedora SELinux
list for help and/or asking on the VMware forum instead of breaking the
lock and making it easy for all of the potential 'bad guys' to enter.

Your choice of course.

-- 


  David



Attachment: signature.asc
Description: OpenPGP digital signature

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux