On Thu, 2006-03-30 at 08:45 +0200, Eric Tanguy wrote:
> Le mercredi 29 mars 2006 à 23:18 +0100, Paul Howarth a écrit :
> > On Wed, 2006-03-29 at 13:47 -0800, Florin Andrei wrote:
> > > On Wed, 2006-03-29 at 13:42 -0800, Florin Andrei wrote:
> > >
> > > > What's interesting is that I don't get this error. glxgears works fine
> > > > for me.
> > >
> > > SELinux does log a few things, but it says "granted" which is why
> > > glxgears works.
> > >
> > > type=AVC msg=audit(1143668274.597:239): avc: granted { execmem } for
> > > pid=4444 comm="glxgears" scontext=user_u:system_r:unconfined_t:s0
> > > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > > type=SYSCALL msg=audit(1143668274.597:239): arch=40000003 syscall=192
> > > success=yes exit=1183744 a0=0 a1=2000 a2=7 a3=2 items=0 pid=4444
> > > auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500
> > > fsgid=500 comm="glxgears" exe="/usr/bin/glxgears"
> >
> > Perhaps you have the booleans allow_execmem and allow_execmod on?
> >
> > Paul.
> >
> I would like to modify nothing in selinux policy to make glx. I think this
> have to work out of the box.
> DO we have to wait for a new policy version ???
Try:
# setsebool -P allow_execmod 1
Paul.
