LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices

Reply
 
Search this Thread
Old 03-23-2009, 08:22 PM   #1
decodedthought
Member
 
Registered: Oct 2007
Location: California,USA
Distribution: Archlinux
Posts: 195

Rep: Reputation: 20
Vmware


On my pursuit to actually emulate other linux distros i downloaded Vmware !!
well every time i start it i get this
in the settroubleshoot browser
Summary:

SELinux is preventing cupsd (cupsd_t) "write" rpm_script_t.

Detailed Description:

SELinux denied access requested by cupsd. It is not expected that this access is
required by cupsd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinu...fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context unconfined_u:system_r:rpm_script_t:s0
Target Objects pipe [ fifo_file ]
Source cupsd
Source Path /usr/sbin/cupsd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages cups-1.3.9-8.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-48.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.27.19-170.2.35.fc10.x86_64 #1 SMP Mon Feb 23
13:00:23 EST 2009 x86_64 x86_64
Alert Count 1
First Seen Mon 23 Mar 2009 04:59:33 PM IST
Last Seen Mon 23 Mar 2009 04:59:33 PM IST
Local ID a52a2a19-d320-4612-8dfb-77613aef4d72
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1237807773.638:231): avc: denied { write } for pid=10763 comm="cupsd" path="pipe:[135774]" dev=pipefs ino=135774 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0 tclass=fifo_file

node=localhost.localdomain type=AVC msg=audit(1237807773.638:231): avc: denied { write } for pid=10763 comm="cupsd" path="pipe:[135775]" dev=pipefs ino=135775 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0 tclass=fifo_file

node=localhost.localdomain type=SYSCALL msg=audit(1237807773.638:231): arch=c000003e syscall=59 success=yes exit=0 a0=1237f00 a1=1236e00 a2=1235bb0 a3=39b116da70 items=0 ppid=10762 pid=10763 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="cupsd" exe="/usr/sbin/cupsd" subj=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)


Summary:

SELinux prevented mount.ntfs from mounting on the file or directory
"/media/disk-8" (type "fusefs_t").

Detailed Description:

SELinux prevented mount.ntfs from mounting a filesystem on the file or directory
"/media/disk-8" of type "fusefs_t". By default SELinux limits the mounting of
filesystems to only some files or directories (those with types that have the
mountpoint attribute). The type "fusefs_t" does not have this attribute. You can
change the label of the file or directory.

Allowing Access:

Changing the file_context to mnt_t will allow mount to mount the file system:
"chcon -t mnt_t '/media/disk-8'." You must also change the default file context
files on the system in order to preserve them even on a full relabel. "semanage
fcontext -a -t mnt_t '/media/disk-8'"

Fix Command:

chcon -t mnt_t '/media/disk-8'

Additional Information:

Source Context system_u:system_r:mount_t:s0-s0:c0.c1023
Target Context system_ubject_r:fusefs_t:s0
Target Objects /media/disk-8 [ dir ]
Source mount.ntfs
Source Path /sbin/mount.ntfs-3g
Port <Unknown>
Host localhost.localdomain
Source RPM Packages ntfs-3g-1.5130-1.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-38.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name mounton
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.27.9-159.fc10.x86_64 #1 SMP Tue Dec 16
14:47:52 EST 2008 x86_64 x86_64
Alert Count 8
First Seen Thu 22 Jan 2009 09:01:55 PM IST
Last Seen Thu 22 Jan 2009 09:01:58 PM IST
Local ID a6463df6-e5e2-4f61-a4b7-2eae16112b8d
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1232638318.248:28): avc: denied { mounton } for pid=2104 comm="mount.ntfs" path="/media/disk-8" dev=sda6 ino=5 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_ubject_r:fusefs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1232638318.248:28): arch=c000003e syscall=165 success=yes exit=0 a0=25c37b0 a1=25c3740 a2=25c3760 a3=0 items=0 ppid=2082 pid=2104 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount.ntfs" exe="/sbin/mount.ntfs-3g" subj=system_u:system_r:mount_t:s0-s0:c0.c1023 key=(null)





I am sorry but wat do i do get VMWARE working ??????

Last edited by decodedthought; 03-25-2009 at 10:19 AM.
 
Old 03-24-2009, 09:34 AM   #2
fpmurphy
Member
 
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 286

Rep: Reputation: 61
You can either disable SELinux or follow the instructions provided by setroubleshoot and create the local policy module. A simple web search on "SELinux VMWare" turns up many pages of information on this issue.
 
Old 03-25-2009, 02:56 AM   #3
piyush.popli
LQ Newbie
 
Registered: Feb 2009
Location: New Delhi
Distribution: fedora 10, ubuntu 8.10
Posts: 12

Rep: Reputation: 0
Talking Newbie's best shot

ok 2 things...
1.) if you haven't ... just try and launch the app as root...
2.) in case you've tried No.1... you must be getting a SE-Linux message in the form of a star in your dock-panel...(its a yellow colored star)..click on it, it'll show you an elaborate message and will also give you tips to prevent this from happening...

ps: I'm a newbie..but I have the vmware working on my fc10.. fixed my SELinux warnings in the same way..
 
Old 03-25-2009, 10:16 AM   #4
decodedthought
Member
 
Registered: Oct 2007
Location: California,USA
Distribution: Archlinux
Posts: 195

Original Poster
Rep: Reputation: 20
mate can you tell how exactly did you go about it ???
 
Old 03-26-2009, 02:29 AM   #5
piyush.popli
LQ Newbie
 
Registered: Feb 2009
Location: New Delhi
Distribution: fedora 10, ubuntu 8.10
Posts: 12

Rep: Reputation: 0
@above

Ok me being a newbie, I'm really not that big on security so I just disabled SELinux.. just changed the "SELINUX" entry in /etc/selinux/config file to "disabled"...(its "enforcing" by default)... however anyone who knows better would advise otherwise especially if you want to someday re-enable it.... so I would suggest change the entry to "permissive" first and try....(it didn't work for me)....

Ps: disabling SELinux is a risk and a BIG ONE if your system is publicly accessible... mine is not..
Pps: the above claim of fixing this issue with warning messages was with regard to Vmplayer... (I'm always in a bit of a hurry.. sorry bout that.. )..

Last edited by piyush.popli; 03-26-2009 at 02:33 AM.
 
Old 03-26-2009, 04:08 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
To build a local module start with running '( cat /var/log/messages; cat /var/log/audit/audit.log ) | audit2allow -r' as root user. That should build the rules list to use. If unsure post the output to the fedora-users mailing list of here (in BB code tags) before building the local policy module.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Configuration to access internet from vmware(host=winXP, guest on vmware=linux-5) afz_linux Linux - Newbie 3 12-30-2008 12:20 AM
vmware server install error, The VMware VmPerl Scripting API was not installed. fakie_flip Linux - Software 4 12-28-2008 04:49 AM
vmware virtual machine slow in vmware client, faster viewer available? purplesocrates Linux - General 1 06-17-2008 10:40 AM
LXer: VMware Unveils VMware Tools as Open Source Software LXer Syndicated Linux News 0 09-12-2007 03:10 AM
Install FC4 w/ Vmware, right of the Harddrive (vmware aceses ISO of HD, no CDs) colinstu Linux - General 1 02-24-2006 08:15 PM


All times are GMT -5. The time now is 07:05 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration