Selinux and Compiz

Ben Gamari (FOSS) bgamari at gmail.com
Sat Oct 25 22:32:54 UTC 2008


There should be no need to entirely disable SELinux. In my several
months of using Rawhide, I have never had an issue with SELinux and the
security that it provides is more than worth the one-in-a-thousand
chance of a minor annoyance. You need to keep in mind that using the
NVidia binary driver is definitely not an ideal case when it comes to
problem-free operation of your installation. I had a bad enough time
keeping the NVidia blob from crashing my machine when I was still on an
NVidia graphics platform; I can certainly believe you are having some
annoyances with something like SELinux.

Speaking from personal experience, if you want trouble-free operation of
your Linux box, dump the NVidia card. I've had nothing but good
experiences with Intel integrated hardware (although it might not meet
your requirements) and AMD hardware is quickly gaining open-source
support. Even recent releases of AMD's binary driver have been
surprisingly unproblematic in my experience.

Regardless, the AVC denial that you reported should be fairly simple to
resolve without fully disabling SELinux. You should look at
setroubleshooter and determine exactly what the nature of the denial
is.  Then open a bug with the output of setroubleshooter so that the
issue can be fixed.

- Ben


Chuck Forsberg WA7KGX N2469R wrote:
> After installing the Nvidia driver I tried to enable special effects
> but was thwarted by an AVC denial.  I couldn't get the acceleration
> enabled until I turned off SELinux.
>
> It seems with Fedora and SELinux it is simply a matter of time
> before SELinux throws a spanner in the works at which time
> I have to get rid of it.
>
> A security tool that is incompatible with normal use to the
> extent it must be disabled offers no real security.  Perhaps
> it should be an add-on for security geeks instead of a default
> annoyance.    
> Chuck Forsberg    caf at omen.com   www.omen.com   503-614-0430
> Developer of Industrial ZMODEM(Tm) for Embedded Applications
>  Omen Technology Inc      "The High Reliability Software"
> 10255 NW Old Cornelius Pass Portland OR 97231   FAX 629-0665
>



