ati driver and selinux
redhatdude at bellsouth.net
redhatdude at bellsouth.net
Thu Sep 14 20:30:44 UTC 2006
On Sep 14, 2006, at 4:14 PM, Stephen Smalley wrote:
> On Thu, 2006-09-14 at 16:03 -0400, redhatdude at bellsouth.net wrote:
>> These are the errors I got
>>
>> type=AVC msg=audit(1158255182.936:396): avc: denied { execmod }
>> for pid=7074 comm="X" name="fglrx_drv.so" dev=dm-0 ino=2328943
>> scontext=user_u:system_r:xdm_xserver_t:s0
>> tcontext=user_u:object_r:lib_t:s0 tclass=file
>> type=SYSCALL msg=audit(1158255182.936:396): arch=40000003 syscall=125
>> success=no exit=-13 a0=f64000 a1=661000 a2=5 a3=bfeb46d0
>> items=0 pid=7074 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
>> egid=0 sgid=0 fsgid=0 tty=tty7 comm="X" exe="/usr/bin/Xorg"
>> subj=user_u:system_r:xdm_xserver_t:s0
>> type=AVC_PATH msg=audit(1158255182.936:396): path="/usr/lib/xorg/
>> modules/drivers/fglrx_drv.so"
>
> Ok, looks like this one has already been added to upstream policy.
> You should be able to do the following:
>
> # /usr/sbin/semanage fcontext -a -t textrel_shlib_t /usr/lib/xorg/
> modules/drivers/fglrx_drv.so
> # /sbin/restorecon -v /usr/lib/xorg/modules/drives/fglrx_drv.so
>
> This marks the DSO as requiring text relocations.
>
> --
> Stephen Smalley
> National Security Agency
>
Hi Stephen,
Thanks for helping.
Well. I ran those commands in the terminal and the avc errors are
gone from the audit.log. However, I lost the display. KDM starts but
all I get is a blank screen with or without selinux.
EJ.
More information about the fedora-selinux-list
mailing list