Description of problem: Support for the SPUs of the Cell Broadband Engine of a Playstation 3 isn't correctly loaded when the SELinux mode is set to "Enforcing" with the targeted policy. libspe2 (a library provided by IBM for exploiting the SPUs of the Cell) relies on a system mount (spufs on /spu, type spufs) to access the SPUs. Unfortunately, an audit failure occurs while the system tries to mount the device at boot. Any application using the library will fail to create a context on a SPU. The exact audit message can be found in the attached logs; just search for "spufs". Setting the SELinux mode to "Permissive" or "Disabled", manually mounting the system device (mount -t spufs /spu), then setting back the mode to "Enforcing" works. Version-Release number of selected component (if applicable): * kernel.ppc64 2.6.21-1.3194.fc7 * selinux-policy-targeted.noarch 2.6.4-8.fc7 How reproducible: * Always. Steps to Reproduce: 1. Install Fedora 7 on a Playstation 3 using the PPC DVD. 2. Set SELinux to "Enforcing" during the first boot setup. 3. Install the IBM Cell B.E. SDK (some libraries are needed for accessing the SPUs). 4. Run an application using at least one SPU. Actual results: * The system fails to mount spufs. * The application will fail to create a context on a SPU. Expected results: * The system should mount spufs correctly, even while SELinux is enforcing the targeted policy. * The application should create a context on a SPU. Additional info: * I can provide a simple "Hello World" program using the SPUs of the Playstation 3. * Even though it was compiled for FC6, the kernel snapshot (2.6.21-rc7) shipping with the latest "PS3 Linux Distributor's Starter Kit" doesn't have the mount problem, possibly because spufs support was compiled directly in it. The kit can be found at the following address : http://kernel.org/pub/linux/kernel/people/geoff/cell/CELL-Linux-CL_20070516-ADDON/target/snapshot/kernel-2.6.21-20070425.ppc64.rpm
Created attachment 156145 [details] SELinux audit log after a fresh boot
Created attachment 156146 [details] dmesg output after a fresh boot
Fixed in selinux-policy-2.6.4-13.fc7
Thanks, the fix solved the issue.