Running strict/enforcing, today's Rawhide.
Noticed the avcs below in the log.
I believe the java one may be from the sun JVM I have installed....
xscreensaver and helixplayer ones are new.
My understanding is that I need to set the boolean 'allow_execmod' to
allow this kind of thing (although nothing appears broken....)
Do I have that correct?
tom
Jan 28 07:54:36 fedora gdm(pam_unix)[3218]: session opened for user
tbl by (uid=0)
Jan 28 07:54:48 fedora kernel: audit(1106927688.744:0): avc: denied
{ execmod } for pid=3491 comm=xscreensaver-gl
path=/usr/X11R6/lib/libGL.so.1.2 dev=hda2 ino=4127021
scontext=user_u:user_r:user_t tcontext=system_u:object_r:shlib_t
tclass=file
Jan 28 07:54:57 fedora kernel: audit(1106927697.979:0): avc: denied
{ execmod } for pid=3549 comm=java path=/lib/libc-2.3.4.so dev=hda2
ino=3178539 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:shlib_t tclass=file
Jan 28 07:55:19 fedora kernel: audit(1106927719.841:0): avc: denied
{ execmod } for pid=3650 comm=hxplay.bin
path=/usr/lib/helix/plugins/swfrender.so dev=hda2 ino=4375247
scontext=user_u:user_r:user_t tcontext=system_u:object_r:shlib_t
tclass=file
Jan 28 07:55:21 fedora kernel: audit(1106927721.289:0): avc: denied
{ execmod } for pid=3650 comm=hxplay.bin
path=/usr/lib/helix/plugins/oggfformat.so dev=hda2 ino=4376641
scontext=user_u:user_r:user_t tcontext=system_u:object_r:shlib_t
tclass=file
Jan 28 07:55:21 fedora kernel: audit(1106927721.316:0): avc: denied
{ execmod } for pid=3650 comm=hxplay.bin
path=/usr/lib/helix/plugins/theorarend.so dev=hda2 ino=4376654
scontext=user_u:user_r:user_t tcontext=system_u:object_r:shlib_t
tclass=file
Jan 28 07:55:22 fedora kernel: audit(1106927722.757:0): avc: denied
{ execmod } for pid=3650 comm=hxplay.bin
path=/usr/lib/helix/plugins/vorbisrend.so dev=hda2 ino=4376655
scontext=user_u:user_r:user_t tcontext=system_u:object_r:shlib_t
tclass=file
Show replies by date