On 10/25/2009 4:59 PM, Christopher A. Williams wrote: > On Sun, 2009-10-25 at 15:47 -0400, David wrote: >> On 10/25/2009 2:22 PM, James Cassell wrote: >> >> >> WOW! What a concept! >> >> In order to run a closed source 3rd party application that is >> misbehaving I will disable one of the very things that helps to protect >> my system from misbehaving 3rd party applications. > > First, thanks to James for helping me solve the problem. Switching to > permissive mode allowed Workstation to install and run without any > further problems. > > Next, the *concept* is actually this: > We're running B-E-T-A software here. That means we must do things to > find out how ALL software works on it, regardless of its license. This > isn't a misbehaving 3rd party closed source application. It's a 3rd > party application which is making a request that the selinux targeted > policy doesn't know anything about. We switch to permissive mode to flag > the issue in selinux and then report it. The selinux people then are > able to troubleshoot and resolve the problem by updating the targeted > policy accordingly. > > So - to the the selinux folks: The issue appears to be that VMware > Workstation 7 RC is requesting access to portrelease, which makes sense > when you think of how it needs to set up virtual networks. Looks like it > may also be happening in F11. The fix is to create a policy for this to > be allowed for this application. > > I will try to collect the bug and file a BZ for it next opportunity. Simple example. I lock my front door to protect my home and family. Every time I try to unlock my front door it sticks. It is a new, untested lock. So I disable the lock? Or adjust the locks behavior by asking for expert help? I was referring to him and his solution. Not you. But then you agreed with his solution. The proper solution would be the Bugzilla report that you mentioned and/or asking the nice folks (read experts here) on the Fedora SELinux list for help and/or asking on the VMware forum instead of breaking the lock and making it easy for all of the potential 'bad guys' to enter. Your choice of course. -- David
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
