Description of problem: The current selinux-policies prevent the GLX-library from being loaded by X. The security-context for the file /usr/lib/xorg/modules/extensions/nvidia/libglx.so.1.0.8178 must be of type textrel_shlib_t, not lib_t. The related avc message is type=AVC msg=audit(1143751976.835:11): avc: denied { execmod } for pid=2476 comm="Xorg" name="libglx.so.1.0.8178" dev=hda1 ino=4361257 scontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tcontext=system_u:object_r:lib_t:s0 tclass=file Version-Release number of selected component (if applicable): selinux-policy-2.2.25-2.fc5 selinux-policy-targeted-2.2.25-2.fc Additional info: I have attached a patch with an update to the policy needed to load the GLX-lib.
Created attachment 127114 [details] Policy update to allow X to load the GLX-lib
Sorry, I forgot to mention the related dicussion going on in fedora-list: https://www.redhat.com/archives/fedora-list/2006-March/msg05976.html and the bug-report in livna's bugzilla: http://bugzilla.livna.org/show_bug.cgi?id=843
relabeling "chcon -t textrel_shlib_t libglx.so*" seems to have done the trick for me, but I understand this isn't a universal fix for one reason or another. selinux-policy-0:2.2.25-3.fc5.noarch
Fixed in selinux-policy-2.2.29-2.fc5
fixed loing ago afaics