From: russell@coker.com.au (Russell Coker) Date: Fri, 15 Apr 2011 00:15:11 +1000 Subject: [refpolicy] semaphores Message-ID: <201104150015.11735.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com type=AVC msg=audit(1302788046.768:5309): avc: denied { unix_read unix_write } for pid=6009 comm="mplayer" key=5678293 scontext=abc:user_r:user_t:s0:c0.c255-s0:c0.c511 tcontext=abc:user_r:mozilla_t:s0:c0.c255-s0:c0.c511 tclass=sem In Debian we have a policy based on the 20100524 release. The above is the result of trying to run mplayer after doing something in a web browser that uses sound (Youtube on Chromium in this case). Apart from allowing mozilla_t and user_t to access each other's semaphores, rewriting the sound libraries, and using ipcrm, how can we solve this? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/