[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: VMware Workstation in FC5

From: Daniel J Walsh <dwalsh redhat com>
To: Matthew Saltzman <mjs ces clemson edu>
Cc: fedora-selinux-list redhat com
Subject: Re: VMware Workstation in FC5
Date: Mon, 03 Apr 2006 14:29:46 -0400

Matthew Saltzman wrote:

On Mon, 3 Apr 2006, Tom London wrote:
On 4/3/06, Matthew Saltzman <mjs ces clemson edu> wrote:
Running vmware workstation in FC5 withselinux-policy-targeted-2.2.25-2.fc5
produces the error:

        $ vmware
/usr/lib/vmware/bin/vmware: error while loading sharedlibraries:/usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0:cannot
        restore segment prot after reloc: Permission denied

and the AVC:

        Apr  3 09:38:05 kernel: audit(1144071485.547:433): avc:  denied
{ execmod } for pid=21419 comm="vmware"name="libgdk-x11-2.0.so.0"
        dev=dm-0 ino=1343530 scontext=user_u:system_r:unconfined_t:s0
        tcontext=system_u:object_r:lib_t:s0 tclass=file

--
                Matthew Saltzman
Try
   chcon -t textrel_shlib_t
/usr/lib/vmware/lib/libgdk-x11-2.0.so,0/libgdk-x11-2.0.so.0
Thanks, that did it. Is this something that can go inselinux-policy-targeted, or is it something that VMware needs to takecare of?

We can take care of the file context to allow it, but vmware should fixthere library to not need it, if possible.

http://people.redhat.com/drepper/selinux-mem.html
explains what execmod means.

Dan


tom
--
Tom London

Follow-Ups:
- Re: VMware Workstation in FC5
  - From: Tom London

References:
- VMware Workstation in FC5
  - From: Matthew Saltzman
- Re: VMware Workstation in FC5
  - From: Tom London
- Re: VMware Workstation in FC5
  - From: Matthew Saltzman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]