Résumé: SELinux is preventing atieventsd from loading /usr/lib/catalyst/libGL.so.1.2 which requires text relocation. Description détaillée: The atieventsd application attempted to load /usr/lib/catalyst/libGL.so.1.2 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/catalyst/libGL.so.1.2 to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Autoriser l'accès: If you trust /usr/lib/catalyst/libGL.so.1.2 to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/catalyst/libGL.so.1.2'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/catalyst/libGL.so.1.2'" Commande de correction: chcon -t textrel_shlib_t '/usr/lib/catalyst/libGL.so.1.2' Informations complémentaires: Contexte source system_u:system_r:initrc_t:s0 Contexte cible system_u:object_r:lib_t:s0 Objets du contexte /usr/lib/catalyst/libGL.so.1.2 [ file ] source atieventsd Chemin de la source /usr/sbin/atieventsd Port <Inconnu> Hôte (removed) Paquetages RPM source xorg-x11-drv-catalyst-9.8-1.fc11 Paquetages RPM cible xorg-x11-drv-catalyst-libs-9.8-1.fc11 Politique RPM selinux-policy-3.6.12-78.fc11 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin allow_execmod Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.29.6-217.2.8.fc11.i686.PAE #1 SMP Sat Aug 15 01:07:59 EDT 2009 i686 i686 Compteur d'alertes 4 Première alerte lun. 24 août 2009 19:54:02 CEST Dernière alerte lun. 24 août 2009 20:11:39 CEST ID local bba57a99-c771-474f-9052-9e2f8aa1a218 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1251137499.644:6): avc: denied { execmod } for pid=2108 comm="atieventsd" path="/usr/lib/catalyst/libGL.so.1.2" dev=sda3 ino=138691 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1251137499.644:6): arch=40000003 syscall=125 success=no exit=-13 a0=138000 a1=85000 a2=5 a3=bfc60670 items=0 ppid=2107 pid=2108 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="atieventsd" exe="/usr/sbin/atieventsd" subj=system_u:system_r:initrc_t:s0 key=(null) Hash String generated from selinux-policy-3.6.12-78.fc11,allow_execmod,atieventsd,initrc_t,lib_t,file,execmod audit2allow suggests: #============= initrc_t ============== allow initrc_t lib_t:file execmod;
*** This bug has been marked as a duplicate of bug 538428 ***