VMWare config issue (Newbie)

Earl unorlist at yahoo.com
Mon Jun 28 15:13:06 UTC 2004


--- Stephen Smalley <sds at epoch.ncsc.mil> wrote:
> On Fri, 2004-06-25 at 14:50, Earl wrote:
> > All,
> > 
> > I'm just learning so forgive the trivial nature of the
> > question:
> > 
> > FC2, Installed VMWare workstation 4.5x, unable to run
> > configuration script, just "yum-ed" so I'm up to date,
> > relabeled, rebooted, still cannot run configuration
> > script...
> > [root@host root]# id
> > uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:sysadm_r:sysadm_t
> > [root@host root]# /usr/bin/vmware-config.pl
> > Can't open perl script "/usr/bin/vmware-config.pl": Permission denied
> > [root@host root]# ls -Z /usr/bin/vmware-config.pl
> > -r-xr-xr-x+ root     root     system_u:object_r:vmware_exec_t  /usr/bin/vmware-config.pl
> > 
> > Looks like a context problem to me but I am unsure
> > what to change... my context, that of the script
> > itself or modify context files and relabel?
> > 
> > I have the docs, have been reading, but I have not
> > been able to understand some of the general concepts.
> > 
> > Any advice will be appreciated.
> 
> audit2allow -d -l | grep vmware_t should show you the relevant missing
> allow statements from the policy.  On FC2, you can then add them to your
> policy by doing the following:
> 
> yum install policy-sources
> cd /etc/security/selinux/src/policy
> audit2allow -d -l | grep vmware_t >> domains/misc/local.te
> make load

Already had policy-sources.
Did the rest, now I get:
# /usr/bin/vmware-config.pl
Setup is unable to find the "more" program on your
machine.  Please make sure it is installed.  Do you
want to specify the location of this program by hand?
[yes]
What is the location of the "more" program on your
machine? /bin/more
The answer "/bin/more" is invalid.  It must be the
complete name of a binary file.

# ls -Z /bin/more
-rwxr-xr-x+ root     root     system_u:object_r:bin_t  /bin/more

> But I'm not clear that vmware-config.pl should be labeled vmware_exec_t
> at all (vs. bin_t).  What is the advantage of running the configuration
> script in vmware_t vs. sysadm_t?  There are no type transition rules for
> vmware_t (except for /var/run files), so it doesn't help keep the
> configuration in the right type.
> 
> -- 
> Stephen Smalley <sds at epoch.ncsc.mil>
> National Security Agency




More information about the fedora-selinux-list mailing list