Bug 143783
Summary: | FC3 "avc: denied" issue with selinux
---|---
Product: | [Fedora] Fedora
Component: | selinux-policy-targeted
Version: | 3
Hardware: | i386
OS: | Linux
Status: | CLOSED RAWHIDE
Severity: | medium
Priority: | medium
Reporter: | Erwin J. Prinz <ejprinz>
Assignee: | Daniel Walsh <dwalsh>
CC: | sitsofe, slhaffly
Doc Type: | Bug Fix
Last Closed: | 2005-02-09 16:01:57 UTC
Description
Erwin J. Prinz
2004-12-27 19:43:56 UTC
For now we don't have a good solution for this, other than to relabel the file system. Basically to get it to work with SELinux you can

    setenforce 0
    install NVIDIA
    touch /.autorelabel
    reboot

Daniel,

Will using setenforce Permissive still allow the installed files to be labelled correctly without the autorelabel/reboot?

No. You need to use an SELinux-aware application in order to label the files correctly. (restorecon, rpm, setfiles ...)

What we can do is allow ldconfig to read the mislabeled files (lib_t instead of shlib_t) and this will allow all not protected processes to work correctly. (All of userspace).

I can confirm that the same bug happens to me.

    Linux topaz 2.6.9-1.724_FC3 #1 Sun Jan 2 15:43:49 EST 2005 i686 athlon i386 GNU/Linux
    NVIDIA GeForce2

I've gotten around this by using the System Settings/Security Level tool to disable SELinux and then rebooting, installing the NVIDIA driver and then issuing startx, re-enabling SELinux, then rebooting.

Regards,
Stephen

You should never disable/re-enable SELinux. As soon as you disable SELinux and boot, files will be written without proper File Context and you will need to relabel in order for the SELinux system to function properly. You can run SELinux in non-enforcing mode if you want to install a piece of software that the SELinux system will not allow you to install.

    setenforce 0
    INSTALL NVIDIA
    setenforce 1

Should work fine on a targeted SELinux system.
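
Added example, not part of the original bug report or of the selinux-policy project: a small filter that reads "avc: denied" records and lists the files ldconfig was refused because they carry lib_t rather than shlib_t, which is the mislabeling discussed above. The function name mislabeled_libs and the sample records are constructed for illustration, and the record layout assumed is the FC3-era kernel log format with user:role:type contexts.

```shell
#!/bin/bash
# Constructed sample AVC records (all values made up for illustration).
SAMPLE_AVC='audit(1104176636.101:0): avc:  denied  { read } for  pid=4021 exe=/sbin/ldconfig name=libGL.so.1.0.6629 dev=hda2 ino=521001 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
audit(1104176636.102:0): avc:  denied  { getattr } for  pid=4021 exe=/sbin/ldconfig name=libGL.so.1.0.6629 dev=hda2 ino=521001 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
audit(1104176636.140:0): avc:  denied  { read } for  pid=4021 exe=/sbin/ldconfig name=libGLcore.so.1.0.6629 dev=hda2 ino=521002 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
audit(1104176701.007:0): avc:  denied  { write } for  pid=4100 exe=/usr/sbin/httpd name=error_log dev=hda2 ino=98001 scontext=root:system_r:httpd_t tcontext=root:object_r:var_t tclass=file'

# Read AVC records on stdin; print each file name (basename only, as logged)
# that ldconfig_t was denied on while the target type was lib_t.
mislabeled_libs() {
    awk '
    /avc: +denied/ {
        name = src = tgt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     name = substr($i, 6)
            if ($i ~ /^scontext=/) src  = substr($i, 10)
            if ($i ~ /^tcontext=/) tgt  = substr($i, 10)
        }
        # Contexts are user:role:type; the type is the third field.
        split(src, s, ":")
        split(tgt, t, ":")
        if (s[3] == "ldconfig_t" && t[3] == "lib_t" && name != "" && !seen[name]++)
            print name
    }'
}

# Demonstration on the constructed records above.
printf '%s\n' "$SAMPLE_AVC" | mislabeled_libs
```

The records only log a basename, so the directories holding the listed files still have to be located before relabeling them with an SELinux-aware tool such as restorecon.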