Description of problem: Seeing: Dec 5 17:01:02 cappello kernel: audit(1165363262.476:151): avc: denied { execheap } for pid=4276 comm="MATLAB" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process Is there any way other than allow_execheap=1 to give MATLAB execheap permission? Version-Release number of selected component (if applicable): selinux-policy-2.4.5-4.fc5
No. You could write policy for it. Sorry about loosing this bug in the stream of bugzillas.
This should really be reported as a bug in MATLAB.
One evil hack that you could do would be to assign java_exec_t to the executable. Jave currently has the execheap permission.
Not a bad idea actually, since I think it is the Java parts of matlab that's causing the problem.
What is the path to matlab?
Well, that's tricky because you can install it anywhere. In our case, we install it on our NFS server which causes problems with SELinux. Or in /opt/local/matlab on our laptops, or at least symbolic links are there that point to the real install in /export/local/matlab_r2006a (or whatever version). The binary is then in some location like /opt/local/matlab/bin/<arch>/MATLAB. Also, looks likes this is in the policy: /usr/local/matlab.*/bin/glnx86/libmwlapack\.so -- system_u:object_r:textrel_shlib_t:s0 I've added the following as well: /export/local/matlab.*/sys/os/glnx86/libtermcap.so system_u:object_r:textrel_shlib_t:s0 /export/local/matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl).so system_u:object_r:textrel_shlib_t:s0