Latest rawhide packages, kudzu has problems with /dev/zero and /dev/mem kudzu generates: Nov 7 17:20:13 fedora kernel: audit(1099847973.501:0): avc: denied { read } for pid=826 exe=/sbin/kmodule name=zero dev=tmpfs ino=3510 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:zero_device_t tclass=chr_file Nov 7 17:20:13 fedora kernel: audit(1099847973.501:0): avc: denied { read } for pid=826 exe=/sbin/kmodule name=zero dev=tmpfs ino=3510 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:zero_device_t tclass=chr_file after fixing this, it fails on mmap of /dev/zero, so need to also add execute. Here's a patch: --- SAVE/kudzu.te 2004-11-07 18:18:24.889196971 -0800 +++ ./kudzu.te 2004-11-07 18:18:52.095994659 -0800 @@ -18,6 +18,7 @@ allow kudzu_t modules_object_t:dir r_dir_perms; allow kudzu_t { modules_object_t modules_dep_t }:file { getattr read }; allow kudzu_t mouse_device_t:chr_file { read write }; +allow kudzu_t zero_device_t:chr_file { read execute }; allow kudzu_t proc_t:file { getattr read }; allow kudzu_t { fixed_disk_device_t removable_device_t }:blk_file rw_file_perms; allow kudzu_t scsi_generic_device_t:chr_file r_file_perms; But, it now produces: Nov 8 06:53:38 fedora kernel: audit(1099896764.946:0): avc: denied { read write } for pid=826 exe=/sbin/kmodule name=mem dev=tmpfs ino=909 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Adding allow kudzu_t memory_device_t:chr_file { read write }; produces /usr/bin/checkpolicy: loading policy configuration from policy.conf security: 5 users, 6 roles, 1323 types, 31 bools security: 53 classes, 313479 rules assertion on line 269956 violated by allow kudzu_t memory_device_t:chr_file { read write }; make: *** [/etc/selinux/strict/policy/policy.18] Error 1 Some help, please? thanks, tom -- Tom London