Bug 242590 - SELinux policy issue prevents to use SPUs on a Playstation 3
SELinux policy issue prevents to use SPUs on a Playstation 3
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
ppc64 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-04 18:50 EDT by Patrick Clément-Bonhomme
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.6.4-13.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-11 10:43:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
SELinux audit log after a fresh boot (4.89 KB, application/octet-stream)
2007-06-04 18:50 EDT, Patrick Clément-Bonhomme
no flags Details
dmesg output after a fresh boot (21.26 KB, application/octet-stream)
2007-06-04 18:55 EDT, Patrick Clément-Bonhomme
no flags Details

  None (edit)
Description Patrick Clément-Bonhomme 2007-06-04 18:50:48 EDT
Description of problem:
Support for the SPUs of the Cell Broadband Engine of a Playstation 3 isn't
correctly loaded when the SELinux mode is set to "Enforcing" with the targeted
policy.

libspe2 (a library provided by IBM for exploiting the SPUs of the Cell) relies
on a system mount (spufs on /spu, type spufs) to access the SPUs. Unfortunately,
an audit failure occurs while the system tries to mount the device at boot. Any
application using the library will fail to create a context on a SPU.

The exact audit message can be found in the attached logs; just search for "spufs". 

Setting the SELinux mode to "Permissive" or "Disabled", manually mounting the
system device (mount -t spufs /spu), then setting back the mode to "Enforcing"
works.

Version-Release number of selected component (if applicable):
* kernel.ppc64 2.6.21-1.3194.fc7
* selinux-policy-targeted.noarch 2.6.4-8.fc7

How reproducible:
* Always.

Steps to Reproduce:
1. Install Fedora 7 on a Playstation 3 using the PPC DVD.
2. Set SELinux to "Enforcing" during the first boot setup.
3. Install the IBM Cell B.E. SDK (some libraries are needed for accessing the SPUs).
4. Run an application using at least one SPU.
  
Actual results:
* The system fails to mount spufs.
* The application will fail to create a context on a SPU.

Expected results:
* The system should mount spufs correctly, even while SELinux is enforcing the
targeted policy.
* The application should create a context on a SPU.

Additional info:
* I can provide a simple "Hello World" program using the SPUs of the Playstation 3.
* Even though it was compiled for FC6, the kernel snapshot (2.6.21-rc7) shipping
with the latest "PS3 Linux Distributor's Starter Kit" doesn't have the mount
problem, possibly because spufs support was compiled directly in it. The kit can
be found at the following address :
 
http://kernel.org/pub/linux/kernel/people/geoff/cell/CELL-Linux-CL_20070516-ADDON/target/snapshot/kernel-2.6.21-20070425.ppc64.rpm
Comment 1 Patrick Clément-Bonhomme 2007-06-04 18:50:48 EDT
Created attachment 156145 [details]
SELinux audit log after a fresh boot
Comment 2 Patrick Clément-Bonhomme 2007-06-04 18:55:12 EDT
Created attachment 156146 [details]
dmesg output after a fresh boot
Comment 3 Daniel Walsh 2007-06-05 08:23:48 EDT
Fixed in selinux-policy-2.6.4-13.fc7
Comment 4 Patrick Clément-Bonhomme 2007-06-09 01:39:57 EDT
Thanks, the fix solved the issue.

Note You need to log in before you can comment on or make changes to this bug.