[clueless-user]Should I ignore or report this avc denial?
Dominick Grift
dominick.grift at gmail.com
Thu Sep 27 08:21:05 UTC 2012
On Wed, Sep 26, 2012 at 03:40:32PM -0700, Sergio wrote:
> Hello.
> For quite some time I have this avc denial at boot time:
>
> f17 kernel: [ 24.589672] type=1400 audit(1348484525.104:4): avc: denied { mmap_zero } for pid=449 comm="vbetool" scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tclass=memprotect
>
> I know it's for vbetool but it comes right after the video driver module is loaded (don't know if it makes sense).
>
> Should I leave it alone? Should I report to selinux-policy-targeted as a bug? Or maybe create some policy to work around that?
The policy configuration supports two options:
1. silently deny this: setsebool -P vbetool_mmap_zero_ignore on
or
2. allow this: setsebool -P mmap_low_allowed on
>
> Thank you.
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120927/28175612/attachment.sig>
More information about the selinux
mailing list