Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 294255 Details for
Bug 431900
selinux prevents installing fluendo codecs from downloaded package
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
selinux_alert_08
selinux_alert_08.txt (text/plain), 3.43 KB, created by
Valent Turkovic
on 2008-02-07 18:38:49 UTC
(
hide
)
Description:
selinux_alert_08
Filename:
MIME Type:
Creator:
Valent Turkovic
Created:
2008-02-07 18:38:49 UTC
Size:
3.43 KB
patch
obsolete
> >Summary: > >SELinux is preventing totem from loading >/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so which requires text >relocation. > >Detailed Description: > >The totem application attempted to load >/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so which requires text >relocation. This is a potential security problem. Most libraries do not need >this permission. Libraries are sometimes coded incorrectly and request this >permission. The SELinux Memory Protection Tests >(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to >remove this requirement. You can configure SELinux temporarily to allow >/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so to use relocation as >a workaround, until the library is fixed. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >If you trust /home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so to run >correctly, you can change the file context to textrel_shlib_t. "chcon -t >textrel_shlib_t '/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so'" >You must also change the default file context files on the system in order to >preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t >'/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so'" > >The following command will allow this access: > >chcon -t textrel_shlib_t '/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so' > >Additional Information: > >Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0- > s0:c0.c1023 >Target Context unconfined_u:object_r:user_home_t:s0 >Target Objects /home/fedora/.gstreamer-0.10/plugins/libgstflumpeg > 2vdec.so [ file ] >Source totem >Source Path /usr/bin/totem >Port <Unknown> >Host localhost.localdomain >Source RPM Packages totem-2.21.92-1.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.2.6-5.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_execmod >Host Name localhost.localdomain >Platform Linux localhost.localdomain 2.6.24-17.fc9 #1 SMP > Mon Feb 4 19:02:27 EST 2008 i686 i686 >Alert Count 1 >First Seen Thu 07 Feb 2008 07:35:30 PM CET >Last Seen Thu 07 Feb 2008 07:35:30 PM CET >Local ID ad1b3a57-f012-479d-bc27-95fba93dd2b4 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1202409330.213:43): avc: denied { execmod } for pid=6164 comm="totem" path="/home/fedora/.gstreamer-0.10/plugins/libgstflumpeg2vdec.so" dev=dm-1 ino=311371 scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1202409330.213:43): arch=40000003 syscall=125 success=no exit=-13 a0=10d8000 a1=56000 a2=5 a3=bf907750 items=0 ppid=6163 pid=6164 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="totem" exe="/usr/bin/totem" subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 key=(null) > >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 431900
:
294248
|
294249
|
294250
|
294251
|
294252
|
294253
|
294254
| 294255 |
294257