Bug 187524

Summary: selinux-policy-targeted.noarch 2.2.25-2.fc5 breaks vmware
Product: [Fedora] Fedora
Reporter: rambler8
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 5
CC: arequipeno, dwalsh
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-05-05 15:02:33 UTC

Description rambler8 2006-03-31 17:05:24 UTC
After applying the following selinux updates, vmware-server beta no longer 
works:

kernel-smp.i686 2.6.16-1.2080_FC5
libselinux.i386 1.30-1.fc5
libsemanage.i386 1.6-1.fc5
libselinux-devel.i386 1.30-1.fc5
libselinux-python.i386 1.30-1.fc5
libsetrans.i386 0.1.20-1.fc5
selinux-policy.noarch 2.2.25-2.fc5
selinux-policy-targeted.noarch 2.2.25-2.fc5
policycoreutils.i386 1.30.1-2.fc5



The message in the audit.log is :
type=AVC msg=audit(1143823331.975:1494): avc:  denied  { execmod } for  
pid=10613 comm="vmware-serverd" name="VmPerl.so" dev=dm-0 ino=192810369 
scontext=root:system_r:unconfined_t:s0-s0:c0.c255 
tcontext=system_u:object_r:lib_t:s0 tclass=file



VmPerl.so is located in:

/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/VMware/VmPerl/VmPerl.so

and

/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/VmPerl/VmPerl.so

Comment 1 Daniel Walsh 2006-03-31 17:10:27 UTC
chcon -t textrel_shlib_t /usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/VmPerl/VmPerl.so

or 

setsebool -P allow_execmod=1

This should be reported as a bug to vmware.  Their library probably does not
need this priv; reference this site.

http://people.redhat.com/drepper/selinux-mem.html



Comment 2 Daniel Walsh 2006-04-03 16:39:06 UTC
Fixed in selinux-policy-2.2.29-2.fc5

Comment 3 Ian Pilcher 2006-04-13 19:48:55 UTC
Broken in 2.2.29-3.fc5:

[root@home VmPerl]# rpm -q selinux-policy-targeted
selinux-policy-targeted-2.2.29-3.fc5
[root@home VmPerl]# restorecon -nv *
restorecon reset
/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/VmPerl/VmPerl.so
context system_u:object_r:textrel_shlib_t->system_u:object_r:lib_t


Comment 4 Ian Pilcher 2006-04-13 19:50:14 UTC
I should add that
/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/HConfig/HConfig.so
appears to need this also.
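
Added example (not part of the original report or of any commenter's code): a small audit.log triage script that collects every distinct file hit by an execmod denial, so each one can be relabeled individually as in comment 1 instead of enabling allow_execmod for the whole system. The second and third sample records, and the choice of /usr/lib as the search root for find, are assumptions made for the example.

```python
import re

# Constructed sample: record 1 is the AVC from the description joined onto one
# line; records 2 and 3 (ids, pids, inodes, names) are made up for illustration.
CTX = ("scontext=root:system_r:unconfined_t:s0-s0:c0.c255 "
       "tcontext=system_u:object_r:lib_t:s0 tclass=file")
SAMPLE_LOG = "\n".join([
    'type=AVC msg=audit(1143823331.975:1494): avc:  denied  { execmod } for  '
    'pid=10613 comm="vmware-serverd" name="VmPerl.so" dev=dm-0 ino=192810369 ' + CTX,
    'type=AVC msg=audit(1143823332.101:1495): avc:  denied  { execmod } for  '
    'pid=10613 comm="vmware-serverd" name="HConfig.so" dev=dm-0 ino=1111 ' + CTX,
    'type=AVC msg=audit(1143823340.500:1500): avc:  denied  { read } for  '
    'pid=200 comm="example" name="data" dev=dm-0 ino=2222 ' + CTX,
])

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC denial into a dict of its key=value fields, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def execmod_denials(log_text):
    """Return one entry per distinct file (dev, ino) denied execmod."""
    seen = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "execmod" not in rec["perms"] or rec.get("tclass") != "file":
            continue
        ctx = rec.get("tcontext", "").split(":")
        seen.setdefault((rec.get("dev"), rec.get("ino")), {
            "comm": rec.get("comm"), "name": rec.get("name"), "ino": rec.get("ino"),
            "type": ctx[2] if len(ctx) > 2 else "",  # user:role:type[:mls]
        })
    return list(seen.values())

def report(denials):
    """Per file: how to find its path, then the per-file relabel from comment 1."""
    out = []
    for d in denials:
        out.append(f"{d['comm']}: execmod denied on {d['name']} (type {d['type']})")
        out.append(f"  find /usr/lib -name '{d['name']}' -inum {d['ino']}")
        out.append("  chcon -t textrel_shlib_t <path printed by find>")
    return out

if __name__ == "__main__":
    print("\n".join(report(execmod_denials(SAMPLE_LOG))))
```

A label set with chcon is not recorded in the policy's file-context definitions, so restorecon will reset it to whatever the installed policy specifies, as the output in comment 3 shows.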

Comment 6 Daniel Walsh 2006-05-05 15:02:33 UTC
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed