Bug 187524 - selinux-policy-targeted.noarch 2.2.25-2.fc5 breaks vmware
selinux-policy-targeted.noarch 2.2.25-2.fc5 breaks vmware
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-31 12:05 EST by rambler8
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-05 11:02:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description rambler8 2006-03-31 12:05:24 EST
After applying the following selinux updates, vmware-server beta no longer 
works:

kernel-smp.i686 2.6.16-1.2080_FC5
libselinux.i386 1.30-1.fc5
libsemanage.i386 1.6-1.fc5
libselinux-devel.i386 1.30-1.fc5
libselinux-python.i386 1.30-1.fc5
libsetrans.i386 0.1.20-1.fc5
selinux-policy.noarch 2.2.25-2.fc5
selinux-policy-targeted.noarch 2.2.25-2.fc5
policycoreutils.i386 1.30.1-2.fc5



The message in the audit.log is :
type=AVC msg=audit(1143823331.975:1494): avc:  denied  { execmod } for  
pid=10613 comm="vmware-serverd" name="VmPerl.so" dev=dm-0 ino=192810369 
scontext=root:system_r:unconfined_t:s0-s0:c0.c255 
tcontext=system_u:object_r:lib_t:s0 tclass=file



VmPerl.so is located in:

/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-
multi/auto/VMware/VmPerl/VmPerl.so

and

/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/VmPerl/VmPerl.so
Comment 1 Daniel Walsh 2006-03-31 12:10:27 EST
chcon -t textrel_shlib_t
/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/VmPerl/VmPerl.so

or 

setsebool -P allow_execmod=1

This should be reported as a bug to vmware.  There library probably does not
need this priv, reference this site.

http://people.redhat.com/drepper/selinux-mem.html

Comment 2 Daniel Walsh 2006-04-03 12:39:06 EDT
Fixed in selinux-policy-2.2.29-2.fc5
Comment 3 Ian Pilcher 2006-04-13 15:48:55 EDT
Broken in 2.2.29-3.fc5:

[root@home VmPerl]# rpm -q selinux-policy-targeted
selinux-policy-targeted-2.2.29-3.fc5
[root@home VmPerl]# restorecon -nv *
restorecon reset
/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/VmPerl/VmPerl.so
context system_u:object_r:textrel_shlib_t->system_u:object_r:lib_t
Comment 4 Ian Pilcher 2006-04-13 15:50:14 EDT
I should add that
/usr/lib/vmware/perl5/site_perl/5.005/i386-linux/auto/VMware/HConfig/HConfig.so
appears to need this also.
Comment 6 Daniel Walsh 2006-05-05 11:02:33 EDT
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed

Note You need to log in before you can comment on or make changes to this bug.