[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: kmod-nvidia-1.0.8178-6.2.6.16_1.2080_FC5



> On Thu, 2006-03-30 at 08:45 +0200, Eric Tanguy wrote:
>> Le mercredi 29 mars 2006 à 23:18 +0100, Paul Howarth a écrit :
>> > On Wed, 2006-03-29 at 13:47 -0800, Florin Andrei wrote:
>> > > On Wed, 2006-03-29 at 13:42 -0800, Florin Andrei wrote:
>> > >
>> > > > What's interesting is that I don't get this error. glxgears works
>> fine
>> > > > for me.
>> > >
>> > > SELinux does log a few things, but it says "granted" which is why
>> > > glxgears works.
>> > >
>> > > type=AVC msg=audit(1143668274.597:239): avc:  granted  { execmem }
>> for
>> > > pid=4444 comm="glxgears" scontext=user_u:system_r:unconfined_t:s0
>> > > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>> > > type=SYSCALL msg=audit(1143668274.597:239): arch=40000003
>> syscall=192
>> > > success=yes exit=1183744 a0=0 a1=2000 a2=7 a3=2 items=0 pid=4444
>> > > auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
>> sgid=500
>> > > fsgid=500 comm="glxgears" exe="/usr/bin/glxgears"
>> >
>> > Perhaps you have the booleans allow_execmem and allow_execmod on?
>> >
>> > Paul.
>> >
>> I would like to modify nothing in selinux policy to make glx. I think
>> this
>> have to work out of the box.
>> DO we have to wait for a new policy version ???
>
> Try:
> # setsebool -P allow_execmod 1
>
Yes i know it works but it does not seem to be acceptable that i have to
modify something in selinux to have a video driver working as it must.
Eric



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]