FC3 " avc: denied" issue

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Dec 27 11:14:55 UTC 2004 

On Mon, 27 Dec 2004 21:42:03 +1100, Russell Coker said:

> Report a bug to whoever provided the collection of files that their install 
> script should do the following:
> restorecon /usr/X11R6/lib/libXvMCNVIDIA.so.1.0.6629
> restorecon /usr/lib/libGL.so.1.0.6629

also you may need this:

restorecon /dev/nvidia*

(this one is already in the Fedora .fc files, but you may have mislabeled
versions until you relabel them...)

> FC3 has SE Linux enabled by default.  Anything that is designed for FC3 has to 
> be designed to work with SE Linux.  It seems that the NVIDIA driver archive 
> is not designed to do so.  It would be much easier if they just provided a 
> RPM.

The problem is that they didn't drink the "All Linux is RedHat RPM-based" kool-aid.

They're additionally hobbled by the fact that they have a userspace component
(where the .so's came from) and a kernel module - and if either userspace and module,
or module and kernel, get out of sync, things Fail Very Badly.

Currently, they ship *one* release that will work out-of-the-box for literally
134 or so different distro/release/kernel combos.  For *JUST* the Fedora releases,
they have:

fedora1boot_2.4.22-1.2115.nptl_i386
fedora1boot_2.4.22-1.2188.nptl_i386
fedora1smp_2.4.22-1.2115.nptl_athlon
fedora1smp_2.4.22-1.2115.nptl_i686
fedora1smp_2.4.22-1.2188.nptl_athlon
fedora1smp_2.4.22-1.2188.nptl_i686
fedora1up_2.4.22-1.2115.nptl_athlon
fedora1up_2.4.22-1.2115.nptl_i586
fedora1up_2.4.22-1.2115.nptl_i686
fedora1up_2.4.22-1.2188.nptl_athlon
fedora1up_2.4.22-1.2188.nptl_i586
fedora1up_2.4.22-1.2188.nptl_i686
fedora2smp_2.6.5-1.358_i586
fedora2smp_2.6.5-1.358_i686
fedora2smp_2.6.8-1.521_i586
fedora2smp_2.6.8-1.521_i686
fedora2up_2.6.5-1.358_i586
fedora2up_2.6.5-1.358_i686
fedora2up_2.6.8-1.521_i586
fedora2up_2.6.8-1.521_i686

There's also RH 7.2->9.0 and RHEL 3.0 and Mandrake 8.1->10 and Suse prebuilts.

Currently, *any* of those users can get *the same package*, run the installer,
and things Just Work.   Otherwise, they get the support problem of shipping 134
different RPM's (which is not THAT bad, really), and making sure the people
actually download the *RIGHT* one (can you say "help desk nightmare"?)

In fact, once upon a time, they *did* ship RPMs.  And the support issues were
why they went to shipping an installer instead...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041227/deb2f263/attachment.sig>

More information about the fedora-selinux-list mailing list