On 4/12/06, Tom London <selinux(a)gmail.com> wrote:
I did 'setenforce 0', and 'rpm -Uvh
selinux-policy-targeted*', and
this seems to be proceeding without errors.
I'm getting lots of files relabeled (>400), mostly texrel_shlib_t to
lib_t, for things like /usr/lib/firefox, /usr/lib/mozilla,
/usr/lib/wine.
This expected?
Hmmm...Suspect relabeling has broken some stuff. Get this when I try
to start firefox:
type=AVC msg=audit(1144853278.073:58): avc: denied { execmod } for
pid=4819 comm="firefox-bin" name="libxpcom_core.so" dev=dm-0
ino=6114892 scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1144853278.073:58): arch=40000003 syscall=125
success=yes exit=0 a0=327000 a1=cc000 a2=5 a3=bfc5e610 items=0
pid=4819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-1.5.0.1/firefox-bin"
subj=user_u:system_r:unconfined_t:s0
type=AVC_PATH msg=audit(1144853278.073:58):
path="/usr/lib/firefox-1.5.0.1/libxpcom_core.so"
I'll reboot in permissive mode and try to capture all the AVCs....
tom
--
Tom London