VirtualBox

Ignore:
Timestamp:
Jul 21, 2016 11:46:06 AM (8 years ago)
Author:
vboxsync
Message:

bugref:8087: Additions/x11: support non-root X server: re-work SELinux context handling. In particular, make sure that the 3D libraries can be loaded by the GNOME Shell acceleration test to prevent an Oh No Something Has Gone Wrong screen.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Additions/linux/installer/vboxadd.sh

    r62201 r62394  
    248248        ln -sf "${INSTALL_DIR}/lib/VBoxOGL.so" /var/lib/VBoxGuestAdditions/lib/libGL.so.1
    249249        ln -sf "${INSTALL_DIR}/lib/VBoxEGL.so" /var/lib/VBoxGuestAdditions/lib/libEGL.so.1
     250        # SELinux for the OpenGL libraries, so that gdm can load them during the
     251        # acceleration support check.  This prevents an "Oh no, something has gone
     252        # wrong!" error when starting EL7 guests.
     253        if test -e /etc/selinux/config; then
     254            semanage fcontext -a -t lib_t "/var/lib/VBoxGuestAdditions/lib/libGL.so.1"
     255            semanage fcontext -a -t lib_t "/var/lib/VBoxGuestAdditions/lib/libEGL.so.1"
     256            chcon -h  -t lib_t "/var/lib/VBoxGuestAdditions/lib/libGL.so.1"
     257            chcon -h  -t lib_t  "/var/lib/VBoxGuestAdditions/lib/libEGL.so.1"
     258        fi
    250259        echo "/var/lib/VBoxGuestAdditions/lib" > /etc/ld.so.conf.d/00vboxvideo.conf
    251260    fi
     
    432441EOF
    433442    chmod 0755 /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd
    434     # At least Fedora 11 and Fedora 12 require the correct security context when
    435     # executing this command from service scripts. Shouldn't hurt for other
    436     # distributions.
    437     chcon -u system_u -t mount_exec_t "$lib_path/$PACKAGE/mount.vboxsf" > /dev/null 2>&1
    438     # And at least Fedora 15 needs this for the acceleration support check to
    439     # work
    440     redhat_release=`cat /etc/redhat-release 2> /dev/null`
    441     case "$redhat_release" in Fedora\ release\ 15* )
    442         for i in "$lib_path"/*.so
    443         do
    444             restorecon "$i" >/dev/null
    445         done
    446         ;;
    447     esac
    448 
     443    # SELinux security context for the mount helper.
     444    if test -e /etc/selinux/config; then
     445        # This is correct.  semanage maps this to the real path, and it aborts
     446        # with an error, telling you what you should have typed, if you specify
     447        # the real path.  The "chcon" is there as a back-up in case this is
     448        # different on old guests.
     449        semanage fcontext -a -t mount_exec_t "/usr/lib/$PACKAGE/mount.vboxsf"
     450        chcon -t mount_exec_t "$lib_path/$PACKAGE/mount.vboxsf"
     451    fi
    449452    succ_msg
    450453}
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette