SELinux fails to apply local policy module
Daniel J Walsh
dwalsh at redhat.com
Mon Apr 15 15:56:56 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/14/2013 06:38 PM, Suvayu Ali wrote:
> Hi,
>
> I use CrossOver (based on Wine) to run a Windows game. Everytime CrossOver
> runs something, I get this avc denial.
>
> SELinux is preventing wine-preloader from mmap_zero access on the
> memprotect .
>
> Raw Audit Messages from sealert:
>
> type=AVC msg=audit(1365802456.473:13663): avc: denied { mmap_zero } for
> pid=24734 comm="wine-preloader"
> scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect
>
> So I tried following the instructions to generate a local policy module:
>
> # grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol #
> semodule -i mypol.pp
>
> But this fails like this:
>
> libsepol.scope_copy_callback: passanger: Duplicate declaration in module:
> type/attribute passenger_tmp_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory). semodule: Failed!
>
> So I have two questions, 1. is something missing in my system that the
> above fails? 2. is there a better way to resolve this other than generating
> a local policy module?
>
> Thanks in advance,
>
> PS: I am almost clueless about SELinux, so please bear with me.
>
Does your application work? If yes then no reason to allow this avc.
Looks like you have an old policy module that has crufted up your system.
locate passanger.pp
Try
semodule -r passanger
What OS is this? rhel6?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFsI0gACgkQrlYvE4MpobNFAgCbBNHVHEGve4Ri0MfkU4nhB2jS
n5cAnRb9XWZ/9dQ/zj7KMA16vZZfVQdh
=C/GG
-----END PGP SIGNATURE-----
More information about the users
mailing list