On Tuesday August 01 2006 8:20 am, Marc Schwartz wrote:

Marc: comments interspersed

> Just a heads up. If you do want to use the nVidia installer with SELinux
> enabled, the instructions on the FedoraFaq web site need to be updated.
> Undo the changes to the booleans:
>
> # /usr/sbin/setsebool -P allow_execstack 0
> # /usr/sbin/setsebool -P allow_execmod 0
>

ran these and immediately got a prompt with no messages

> Then update the file contexts instead:
>
> # /usr/sbin/semanage fcontext -a -f -- -t textrel_shlib_t
> '/usr/lib/libGL(core)?\.so(\.[^/]*)*'

Running each of the next three produced readout that seemed to indicate
errors in syntax - i.e. instructions for proper running of the command:

/usr/sbin/semanage fcontext -a -f -- -t textrel_shlib_t'/usr/lib/libGL(core)? \.so(\.[^/]*)*'
semanage {login|user|port|interface|fcontext|translation} -l [-n]
semanage login -{a|d|m} [-sr] login_name
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage fcontext -{a|d|m} [-frst] file_spec
semanage translation -{a|d|m} [-T] level

Primary Options:

        -a, --add        Add a OBJECT record NAME
        -d, --delete     Delete a OBJECT record NAME
        -m, --modify     Modify a OBJECT record NAME
        -l, --list       List the OBJECTS
        -h, --help       Display this message
        -n, --noheading  Do not print heading when listing OBJECTS

Object-specific Options (see above):
        -f, --ftype      File Type of OBJECT
                "" (all files)
                -- (regular file)
                -d (directory)
                -c (character device)
                -b (block device)
                -s (socket)
                -l (symbolic link)
                -p (named pipe)

        -p, --proto      Port protocol (tcp or udp)
        -P, --prefix     Prefix for home directory labeling
        -L, --level      Default SELinux Level (MLS/MCS Systems only)
        -R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
        -T, --trans      SELinux Level Translation (MLS/MCS Systems only)

        -s, --seuser     SELinux User Name
        -t, --type       SELinux Type for the object
        -r, --range      MLS/MCS Security Range (MLS/MCS Systems only)

On inspection, there is no file or directory named "/usr/lib/libGL" or
"/usr/lib/libGL(core)"

> # /usr/sbin/semanage fcontext -a -f -- -t textrel_shlib_t
> '/usr/lib/libnvidia.*\.so(\.[^/]*)*'

Running this command yielded similar results as just above, and in this case
there is no file/directory named "/usr/lib/libnvidia" - the same for the next
command

> # /sbin/restorecon -v /usr/lib/libGL* /usr/lib/libnvidia*
>
> In case of line wrapping, each of the three commands above should be on
> a single line.
>
> The above is based upon a discussion with Paul Howarth on the SELinux list

I'm running the nvidia rpms from Livna - there is a folder called
"/usr/lib/nvidia" which has "*.so" files in it; could this be what you mean
for the last two commands? That still wouldn't account for the problem with
"/usr/lib/libGL", however...

--
Claude Jones
Brunswick, MD, USA
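
Added example, not part of the original message: the file_spec argument of `semanage fcontext` is a regular expression matched against a file's full path, so it describes a set of library paths rather than naming one file that has to exist. The script below tests the two specs quoted above against constructed sample paths, using `grep -E -x` as an assumed stand-in for SELinux's whole-path matching; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SELinux file-context specs are regular expressions that must
# match the whole path; grep -E -x is used here as a stand-in matcher.

# Specs quoted from the message above (each is ONE shell argument).
SPEC_GL='/usr/lib/libGL(core)?\.so(\.[^/]*)*'
SPEC_NV='/usr/lib/libnvidia.*\.so(\.[^/]*)*'

# fc_matches SPEC PATH: succeed if PATH as a whole matches SPEC.
fc_matches() {
    printf '%s\n' "$2" | grep -E -x -q -e "$1"
}

# covered PATH: print which spec would label PATH, or "none".
covered() {
    if fc_matches "$SPEC_GL" "$1"; then
        echo libGL
    elif fc_matches "$SPEC_NV" "$1"; then
        echo libnvidia
    else
        echo none
    fi
}

# report: run the check over constructed sample paths (not from a real system).
report() {
    for p in \
        /usr/lib/libGL.so.1 \
        /usr/lib/libGLcore.so.1.0.0 \
        /usr/lib/libnvidia-tls.so.1 \
        /usr/lib/libGL \
        /usr/lib/nvidia/libGL.so.1
    do
        printf '%-30s %s\n' "$p" "$(covered "$p")"
    done
}

report
```

Libraries kept in a subdirectory such as /usr/lib/nvidia/ fall outside both specs, so a packaging layout like that would need a spec written for its own path.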