VMware Workstation in FC5
Daniel J Walsh
dwalsh at redhat.com
Mon Apr 3 18:29:46 UTC 2006
Matthew Saltzman wrote:
> On Mon, 3 Apr 2006, Tom London wrote:
>
>> On 4/3/06, Matthew Saltzman <mjs at ces.clemson.edu> wrote:
>>> Running vmware workstation in FC5 with
>>> selinux-policy-targeted-2.2.25-2.fc5
>>> produces the error:
>>>
>>> $ vmware
>>> /usr/lib/vmware/bin/vmware: error while loading shared
>>> libraries:
>>> /usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0:
>>> cannot
>>> restore segment prot after reloc: Permission denied
>>>
>>> and the AVC:
>>>
>>> Apr 3 09:38:05 kernel: audit(1144071485.547:433): avc: denied
>>> { execmod } for pid=21419 comm="vmware"
>>> name="libgdk-x11-2.0.so.0"
>>> dev=dm-0 ino=1343530 scontext=user_u:system_r:unconfined_t:s0
>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>
>>> --
>>> Matthew Saltzman
>>>
>> Try
>> chcon -t textrel_shlib_t
>> /usr/lib/vmware/lib/libgdk-x11-2.0.so,0/libgdk-x11-2.0.so.0
>
> Thanks, that did it. Is this something that can go in
> selinux-policy-targeted, or is it something that VMware needs to take
> care of?
>
We can take care of the file context to allow it, but vmware should fix
there library to not need it, if possible.
http://people.redhat.com/drepper/selinux-mem.html
explains what execmod means.
Dan
>>
>> tom
>> --
>> Tom London
>>
>
More information about the selinux
mailing list