VMware Workstation in FC5
Tom London
selinux at gmail.com
Mon Apr 3 23:29:35 UTC 2006
On 4/3/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Matthew Saltzman wrote:
> > On Mon, 3 Apr 2006, Tom London wrote:
> >
> >> On 4/3/06, Matthew Saltzman <mjs at ces.clemson.edu> wrote:
> >>> Running vmware workstation in FC5 with
> >>> selinux-policy-targeted-2.2.25-2.fc5
> >>> produces the error:
> >>>
> >>> $ vmware
> >>> /usr/lib/vmware/bin/vmware: error while loading shared
> >>> libraries:
> >>> /usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0:
> >>> cannot
> >>> restore segment prot after reloc: Permission denied
> >>>
> >>> and the AVC:
> >>>
> >>> Apr 3 09:38:05 kernel: audit(1144071485.547:433): avc: denied
> >>> { execmod } for pid=21419 comm="vmware"
> >>> name="libgdk-x11-2.0.so.0"
> >>> dev=dm-0 ino=1343530 scontext=user_u:system_r:unconfined_t:s0
> >>> tcontext=system_u:object_r:lib_t:s0 tclass=file
> >>>
> >>> --
> >>> Matthew Saltzman
> >>>
> >> Try
> >> chcon -t textrel_shlib_t
> >> /usr/lib/vmware/lib/libgdk-x11-2.0.so,0/libgdk-x11-2.0.so.0
> >
> > Thanks, that did it. Is this something that can go in
> > selinux-policy-targeted, or is it something that VMware needs to take
> > care of?
> >
> We can take care of the file context to allow it, but vmware should fix
> there library to not need it, if possible.
> http://people.redhat.com/drepper/selinux-mem.html
> explains what execmod means.
>
> Dan
Yeah, I tried that at vmware and got nowhere....
I strongly suspect we are blazing the trail here.
tom
--
Tom London
More information about the fedora-selinux-list
mailing list