Nvidia and selinux

Boy Hartsuiker bm.hartsuiker at gmail.com
Sat Jun 16 22:24:21 UTC 2007


On Sun, 17 Jun 2007 00:21:44 +0200, Boy Hartsuiker  
<bm.hartsuiker at gmail.com> wrote:

> Om: Sat, 16 Jun 2007 23:50:50 +0200, Tanguy Eric wrote:
>> Since today's update, i can't run nvidia drivers without adding
>> selinux=0 to the kernel parameters. Without this the x server don't
>> start :type=AVC msg=audit(1182029670.355:86): avc:  denied  { execstack  
>> } for
>> pid=2634 comm="Xorg"
>> scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
>> tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
>> type=SYSCALL msg=audit(1182029670.355:86): arch=40000003 syscall=125
>> success=no exit=-13 a0=bfe12000 a1=1000 a2=1000007 a3=fffff000 items=0
>> ppid=2633 pid=2634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
>> egid=0 sgid=0 fsgid=0 tty=tty7 comm="Xorg" exe="/usr/bin/Xorg"
>> subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)
>
> run "system-config-security"
> In the menu "Memory Protection" check the 5th box that says "...make  
> their stack executable..."
> If I remember correctly you'll have to allow "...map region as both  
> executable and writable..." too, but I'm not sure
>

Sorry, "system-config-selinux", not "system-config-security"


-- 
Boy Hartsuiker




More information about the fedora-list mailing list