Important Information These are community forums and not official technical support. If you need official support: Contact Us
The following comments are owned by whoever posted them. We are not responsible for them in any way.
Any gurus out there create a useful rule in selinux for any of the CX products? Just curious since my research was helpful but not helpful, it told me not to ignore it outright, but not on what type of ruleset that would be needed.
Any help?
[below are a few of the less talked about errors that setroubleshooter pops up nonstop on all games. This is in relationship to me just launching Star Trek Online]
Andrew Schott on 2010-07-11 13:52
Summary:
SELinux is preventing /usr/sbin/groupadd access to a leaked /tmp/tmplf2MmO file
descriptor.
Detailed Description:
[SELinux is in permissive mode. This access was not denied.]
SELinux denied access requested by the groupadd command. It looks like this is
either a leaked descriptor or groupadd output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /tmp/tmplf2MmO. You should generate a bugzilla on selinux-policy, and it
will get routed to the appropriate package. You can safely ignore this avc.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)
Additional Information:
Source Context system_u:system_r:groupadd_t:s0-s0:c0.c1023
Target Context system_u:object_r:initrc_tmp_t:s0
Target Objects /tmp/tmplf2MmO [ file ]
Source groupadd
Source Path /usr/sbin/groupadd
Port <Unknown>
Host asus-g51.schotty.net
Source RPM Packages shadow-utils-4.1.4.2-5.fc13
Target RPM Packages
Policy RPM selinux-policy-3.7.19-28.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Plugin Name leaks
Host Name asus-g51.schotty.net
Platform Linux asus-g51.schotty.net
2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11
09:38:12 UTC 2010 x86_64 x86_64
Alert Count 2
First Seen Wed 07 Jul 2010 08:38:49 PM CDT
Last Seen Wed 07 Jul 2010 08:40:01 PM CDT
Local ID f0569e34-84c5-4936-95a7-e7fed1326d71
Line Numbers
Raw Audit Messages
node=asus-g51.schotty.net type=AVC msg=audit(1278553201.954:26): avc: denied { read append } for pid=3365 comm="groupadd" path="/tmp/tmplf2MmO" dev=sda6 ino=17085 scontext=system_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
node=asus-g51.schotty.net type=SYSCALL msg=audit(1278553201.954:26): arch=c000003e syscall=59 success=yes exit=0 a0=1807610 a1=1806350 a2=1805d90 a3=28 items=0 ppid=3364 pid=3365 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="groupadd" exe="/usr/sbin/groupadd" subj=system_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null)
Summary:
SELinux is preventing /usr/sbin/semodule access to a leaked /tmp/tmplf2MmO file
descriptor.
Detailed Description:
[SELinux is in permissive mode. This access was not denied.]
SELinux denied access requested by the semodule command. It looks like this is
either a leaked descriptor or semodule output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /tmp/tmplf2MmO. You should generate a bugzilla on selinux-policy, and it
will get routed to the appropriate package. You can safely ignore this avc.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)
Additional Information:
Source Context system_u:system_r:semanage_t:s0-s0:c0.c1023
Target Context system_u:object_r:initrc_tmp_t:s0
Target Objects /tmp/tmplf2MmO [ file ]
Source semodule
Source Path /usr/sbin/semodule
Port <Unknown>
Host asus-g51.schotty.net
Source RPM Packages policycoreutils-2.0.82-31.fc13
Target RPM Packages
Policy RPM selinux-policy-3.7.19-28.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Plugin Name leaks
Host Name asus-g51.schotty.net
Platform Linux asus-g51.schotty.net
2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11
09:38:12 UTC 2010 x86_64 x86_64
Alert Count 1
First Seen Wed 07 Jul 2010 08:42:02 PM CDT
Last Seen Wed 07 Jul 2010 08:42:02 PM CDT
Local ID a27c78f4-2616-466a-ae56-22677d233386
Line Numbers
Raw Audit Messages
node=asus-g51.schotty.net type=AVC msg=audit(1278553322.277:27): avc: denied { append } for pid=3539 comm="semodule" path="/tmp/tmplf2MmO" dev=sda6 ino=17085 scontext=system_u:system_r:semanage_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
node=asus-g51.schotty.net type=SYSCALL msg=audit(1278553322.277:27): arch=c000003e syscall=59 success=yes exit=0 a0=13d0af0 a1=13cb350 a2=13cad90 a3=b8 items=0 ppid=3537 pid=3539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="semodule" exe="/usr/sbin/semodule" subj=system_u:system_r:semanage_t:s0-s0:c0.c1023 key=(null)
Please Note: This Forum is for non-application specific questions relating to installation/configuration of CrossOver. All application-specific posts to this Forum will be moved to their appropriate Compatibility Center Forum.
CrossOver Forums: the place to discuss running Windows applications on Mac and Linux