FC3 " avc: denied" issue
Russell Coker
russell at coker.com.au
Mon Dec 27 12:12:42 UTC 2004
On Monday 27 December 2004 22:14, Valdis.Kletnieks at vt.edu wrote:
> > FC3 has SE Linux enabled by default. Anything that is designed for FC3
> > has to be designed to work with SE Linux. It seems that the NVIDIA
> > driver archive is not designed to do so. It would be much easier if they
> > just provided a RPM.
>
> The problem is that they didn't drink the "All Linux is RedHat RPM-based"
> kool-aid.
Do you think that I have drunk such kool-aid? I was a Debian developer for
many years before joining Red Hat.
> They're additionally hobbled by the fact that they have a userspace
> component (where the .so's came from) and a kernel module - and if either
> userspace and module, or module and kernel, get out of sync, things Fail
> Very Badly.
They designed it badly. Keeping interfaces synchronised isn't that difficult,
all the code that gets into the main-line kernel keeps the interfaces the
same for long periods of time. Interface changes have version numbers and
applications can (if necessary) support both interfaces.
From what you are telling me the first thing that they need to do is to design
an interface between user-space and the kernel code.
> Currently, they ship *one* release that will work out-of-the-box for
> literally 134 or so different distro/release/kernel combos. For *JUST* the
> Fedora releases, they have:
>
> There's also RH 7.2->9.0 and RHEL 3.0 and Mandrake 8.1->10 and Suse
> prebuilts.
If they are producing multiple packages for each distribution then they must
have the builds automated. It should be quite easy to make an automatic
build script that builds RPMs, Debian packages, and any other types of
package that seem necessary.
> Currently, *any* of those users can get *the same package*, run the
> installer, and things Just Work. Otherwise, they get the support problem
> of shipping 134 different RPM's (which is not THAT bad, really), and making
> sure the people actually download the *RIGHT* one (can you say "help desk
> nightmare"?)
If the interface between kernel and user-space doesn't change then all they
need to do is have one RPM for the shared objects and a set of RPMs that
install .ko's in the correct places for each kernel. You would just have to
make sure that every time you upgrade your kernel you install the matching
drivers. If you didn't install the drivers then the symptom would be a lack
of 3D graphics which would be easy to fix.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page