Re: SELinux detects problem with proprietary binary fglrx driver; however, AMD/ATI will not help

[Francis K Shim <belfrancis2001 yahoo ca>]

On Thu, 2008-09-25 at 23:38 -0400, Valdis Kletnieks vt edu wrote:
> On Fri, 26 Sep 2008 00:31:09 +1000, James Morris said:
> 
> > - Francis asked for a much-secure or safer workaround to the issue.  
> > Given that the driver is messing with kernel security, is also broken in 
> > its use of a security API, and not maintained, I'm certainly not going to 
> > recommend its continued use in this context.

>From the perspective of security and safety, I agree with James in
simply *not* using the fglrx driver, in favor of a VESA or compatible
open-source device driver; however, that being said, it will essentially
cripple the usage of the full range of the video card's capabilities.
It is acceptable if I were to only be limited to simple text editing and
low intensity graphics.  However, it does mean that any photo-realistic
and intense graphics manipulation will suffer, which I can live with for
a little while, but not forever.

> Given the fact it's a kernel BUG, I wonder if the *real* issue isn't
> that the driver doesn't support SELinux, but that it doesn't understand
> the expanded more-than-32-bits capabilities in recent kernels, causing
> something to overlay something it shouldn't have...

If this is the case, then I would be happy to tell AMD/ATI about this
interface bug; however, I think that SELinux itself, Linux and the
Open-source community should use incidences like this as further
proof-of-application (versus proof-of-concept).  At least, in this
respect, there should be an opportunity for strengthening liason between
*us* and the AMD/ATI team.

Peace,
Frank