>> Hello. For quite some time I have this avc denial
at boot time:
>>
>> f17 kernel: [ 24.589672] type=1400
audit(1348484525.104:4): avc:
>> denied { mmap_zero } for pid=449
comm="vbetool"
>>
scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
>> tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023
tclass=memprotect
>>
>> I know it's for vbetool but it comes right after
the video driver module
>> is loaded (don't know if it makes sense).
>>
>> Should I leave it alone? Should I report to
selinux-policy-targeted as a
>> bug? Or maybe create some policy to work around
that?
>
> The policy configuration supports two options:
>
> 1. silently deny this: setsebool -P
vbetool_mmap_zero_ignore on
>
> or
>
> 2. allow this: setsebool -P mmap_low_allowed on
>
>
>
A better solution is probably
yum remove vbetool
Since most people do not need it.
Thank you both.
I installed vbetool some time ago to troubleshoot suspend/hibernate issues.