ati driver and selinux ( SOLVED )

[redhatdude at bellsouth.net]

On Sep 14, 2006, at 4:30 PM, redhatdude at bellsouth.net wrote:

>
> On Sep 14, 2006, at 4:14 PM, Stephen Smalley wrote:
>
>> On Thu, 2006-09-14 at 16:03 -0400, redhatdude at bellsouth.net wrote:
>>> These are the errors I got
>>>
>>> type=AVC msg=audit(1158255182.936:396): avc:  denied  { execmod }
>>> for  pid=7074 comm="X" name="fglrx_drv.so" dev=dm-0 ino=2328943
>>> scontext=user_u:system_r:xdm_xserver_t:s0
>>> tcontext=user_u:object_r:lib_t:s0 tclass=file
>>> type=SYSCALL msg=audit(1158255182.936:396): arch=40000003  
>>> syscall=125
>>> success=no exit=-13 a0=f64000 a1=661000 a2=5 a3=bfeb46d0
>>> items=0 pid=7074 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
>>> egid=0 sgid=0 fsgid=0 tty=tty7 comm="X" exe="/usr/bin/Xorg"
>>> subj=user_u:system_r:xdm_xserver_t:s0
>>> type=AVC_PATH msg=audit(1158255182.936:396):  path="/usr/lib/xorg/
>>> modules/drivers/fglrx_drv.so"
>>
>> Ok, looks like this one has already been added to upstream policy.
>> You should be able to do the following:
>>
>> # /usr/sbin/semanage fcontext -a -t textrel_shlib_t /usr/lib/xorg/ 
>> modules/drivers/fglrx_drv.so
>> # /sbin/restorecon -v /usr/lib/xorg/modules/drives/fglrx_drv.so
>>
>> This marks the DSO as requiring text relocations.
>>
>> -- 
>> Stephen Smalley
>> National Security Agency
>>
>
> Hi Stephen,
> Thanks for helping.
> Well. I ran those commands in the terminal and the avc errors are  
> gone from the audit.log. However, I lost the display. KDM starts  
> but all I get is a blank screen with or without selinux.
> EJ.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Nevermind, I ran the configuration utility for ati ( aticonfig ) and  
restarted kdm. Now everything works perfectly.
Thanks a lot for the help.