[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: VMware Workstation in FC5



On 4/3/06, Daniel J Walsh <dwalsh redhat com> wrote:
> Matthew Saltzman wrote:
> > On Mon, 3 Apr 2006, Tom London wrote:
> >
> >> On 4/3/06, Matthew Saltzman <mjs ces clemson edu> wrote:
> >>> Running vmware workstation in FC5 with
> >>> selinux-policy-targeted-2.2.25-2.fc5
> >>> produces the error:
> >>>
> >>>         $ vmware
> >>>         /usr/lib/vmware/bin/vmware: error while loading shared
> >>> libraries:
> >>>         /usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0:
> >>> cannot
> >>>         restore segment prot after reloc: Permission denied
> >>>
> >>> and the AVC:
> >>>
> >>>         Apr  3 09:38:05 kernel: audit(1144071485.547:433): avc:  denied
> >>>         { execmod } for  pid=21419 comm="vmware"
> >>> name="libgdk-x11-2.0.so.0"
> >>>         dev=dm-0 ino=1343530 scontext=user_u:system_r:unconfined_t:s0
> >>>         tcontext=system_u:object_r:lib_t:s0 tclass=file
> >>>
> >>> --
> >>>                 Matthew Saltzman
> >>>
> >> Try
> >>    chcon -t textrel_shlib_t
> >> /usr/lib/vmware/lib/libgdk-x11-2.0.so,0/libgdk-x11-2.0.so.0
> >
> > Thanks, that did it.  Is this something that can go in
> > selinux-policy-targeted, or is it something that VMware needs to take
> > care of?
> >
> We can take care of the file context to allow it, but vmware should fix
> there library to not need it, if possible.
> http://people.redhat.com/drepper/selinux-mem.html
> explains what execmod means.
>
> Dan
Yeah, I tried that at vmware and got nowhere....

I strongly suspect we are blazing the trail here.
tom
--
Tom London


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]