Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 294250 Details for
Bug 431900
selinux prevents installing fluendo codecs from downloaded package
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
selinux_alert_03
selinux_alert_03.txt (text/plain), 4.04 KB, created by
Valent Turkovic
on 2008-02-07 18:26:24 UTC
(
hide
)
Description:
selinux_alert_03
Filename:
MIME Type:
Creator:
Valent Turkovic
Created:
2008-02-07 18:26:24 UTC
Size:
4.04 KB
patch
obsolete
> >Summary: > >SELinux is preventing gst-inspect-0.1 from loading >/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so >which requires text relocation. > >Detailed Description: > >The gst-inspect-0.1 application attempted to load >/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so >which requires text relocation. This is a potential security problem. Most >libraries do not need this permission. Libraries are sometimes coded incorrectly >and request this permission. The SELinux Memory Protection Tests >(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to >remove this requirement. You can configure SELinux temporarily to allow >/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so >to use relocation as a workaround, until the library is fixed. Please file a bug >report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >If you trust >/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so >to run correctly, you can change the file context to textrel_shlib_t. "chcon -t >textrel_shlib_t >'/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so'" >You must also change the default file context files on the system in order to >preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t >'/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so'" > >The following command will allow this access: > >chcon -t textrel_shlib_t '/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so' > >Additional Information: > >Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0- > s0:c0.c1023 >Target Context unconfined_u:object_r:user_home_t:s0 >Target Objects /home/fedora/.gstreamer-0.10/fluendo- > megabundle-3.i386.dir.VGSO7q/fluendo- > megabundle-i386/libgstflumpeg4videodec.so [ file ] >Source gst-inspect-0.1 >Source Path /usr/bin/gst-inspect-0.10 >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gstreamer-0.10.17-1.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.2.6-5.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_execmod >Host Name localhost.localdomain >Platform Linux localhost.localdomain 2.6.24-17.fc9 #1 SMP > Mon Feb 4 19:02:27 EST 2008 i686 i686 >Alert Count 1 >First Seen Thu 07 Feb 2008 07:07:30 PM CET >Last Seen Thu 07 Feb 2008 07:07:30 PM CET >Local ID 791fb17a-ab2f-4140-8cb1-594ac8aad877 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1202407650.437:33): avc: denied { execmod } for pid=4906 comm="gst-inspect-0.1" path="/home/fedora/.gstreamer-0.10/fluendo-megabundle-3.i386.dir.VGSO7q/fluendo-megabundle-i386/libgstflumpeg4videodec.so" dev=dm-1 ino=311362 scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1202407650.437:33): arch=40000003 syscall=125 success=no exit=-13 a0=637000 a1=8f000 a2=5 a3=bf91f380 items=0 ppid=4592 pid=4906 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gst-inspect-0.1" exe="/usr/bin/gst-inspect-0.10" subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 key=(null) > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=294250">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 431900
:
294248
|
294249
| 294250 |
294251
|
294252
|
294253
|
294254
|
294255
|
294257