Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 315428 Details for
Bug 458214
SELinux is preventing totem-audio-pre from making the program stack executabl
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
staring totem from terminal in SELinux eforcing mode
totem.txt (text/plain), 8.55 KB, created by
Flóki Pálsson
on 2008-08-30 20:51:25 UTC
(
hide
)
Description:
staring totem from terminal in SELinux eforcing mode
Filename:
MIME Type:
Creator:
Flóki Pálsson
Created:
2008-08-30 20:51:25 UTC
Size:
8.55 KB
patch
obsolete
>[floki@localhost ~]$ totem > >(totem:5285): GStreamer-WARNING **: Failed to load plugin '/home/floki/.gstreamer-0.10/plugins/libgstflump3dec.so': /home/floki/.gstreamer-0.10/plugins/libgstflump3dec.so: cannot enable executable stack as shared object requires: Permission denied >** Message: don't know how to handle audio/mpeg, mpegversion=(int)1, layer=(int)3 >** Message: Error: You do not have a decoder installed to handle this file. You might need to install the necessary plugins. >gstplaybasebin.c(2302): prepare_output (): /play > >** Message: Missing plugin: gstreamer|0.10|totem|MPEG-1 Layer 3 (MP3) decoder|decoder-audio/mpeg, mpegversion=(int)1, layer=(int)3 (MPEG-1 Layer 3 (MP3) decoder) >XID: 134218007 > >(totem:5285): GStreamer-WARNING **: Failed to load plugin '/home/floki/.gstreamer-0.10/plugins/libgstflump3dec.so': /home/floki/.gstreamer-0.10/plugins/libgstflump3dec.so: cannot enable executable stack as shared object requires: Permission denied >** Message: don't know how to handle audio/mpeg, mpegversion=(int)1, layer=(int)3 >** Message: Error: You do not have a decoder installed to handle this file. You might need to install the necessary plugins. >gstplaybasebin.c(2302): prepare_output (): /play > >** Message: Missing plugin: gstreamer|0.10|totem|MPEG-1 Layer 3 (MP3) decoder|decoder-audio/mpeg, mpegversion=(int)1, layer=(int)3 (ignoring) >** Message: All missing plugins are blacklisted, doing nothing >[floki@localhost ~]$ >[floki@localhost ~]$ > > >Summary: > >SELinux is preventing totem from making the program stack executable. > >Detailed Description: > >The totem application attempted to make its stack executable. This is a >potential security problem. This should never ever be necessary. Stack memory is >not executable on most OSes these days and this will not change. Executable >stack memory is one of the biggest security problems. An execstack error might >in fact be most likely raised by malicious code. Applications are sometimes >coded incorrectly and request this permission. The SELinux Memory Protection >Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how >to remove this requirement. If totem does not work and you need it to work, you >can configure SELinux temporarily to allow this access until the application is >fixed. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >Sometimes a library is accidentally marked with the execstack flag, if you find >a library with this flag you can clear it with the execstack -c LIBRARY_PATH. >Then retry your application. If the app continues to not work, you can turn the >flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust totem to >run correctly, you can change the context of the executable to >unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t '/usr/bin/totem'" >You must also change the default file context files on the system in order to >preserve them even on a full relabel. "semanage fcontext -a -t >unconfined_execmem_exec_t '/usr/bin/totem'" > >Fix Command: > >chcon -t unconfined_execmem_exec_t '/usr/bin/totem' > >Additional Information: > >Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Objects None [ process ] >Source totem >Source Path /usr/bin/totem >Port <Unknown> >Host localhost.localdomain >Source RPM Packages totem-2.23.4-1.fc10 >Target RPM Packages >Policy RPM selinux-policy-3.5.5-1.fc10 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_execstack >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.27-0.290.rc5.fc10.x86_64 #1 SMP Thu Aug 28 > 21:32:46 EDT 2008 x86_64 x86_64 >Alert Count 11 >First Seen lau 30.ágú 2008, 20:26:16 GMT >Last Seen lau 30.ágú 2008, 20:38:09 GMT >Local ID be941791-f759-4f55-914a-031994488331 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1220128689.565:55): avc: denied { execstack } for pid=5285 comm="totem" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1220128689.565:55): arch=c000003e syscall=10 success=yes exit=0 a0=7fff32c7d000 a1=1000 a2=1000007 a3=34e5e20000 items=0 ppid=5202 pid=5285 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 ses=1 comm="totem" exe="/usr/bin/totem" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > > > > > >Summary: > >SELinux is preventing totem from making the program stack executable. > >Detailed Description: > >The totem application attempted to make its stack executable. This is a >potential security problem. This should never ever be necessary. Stack memory is >not executable on most OSes these days and this will not change. Executable >stack memory is one of the biggest security problems. An execstack error might >in fact be most likely raised by malicious code. Applications are sometimes >coded incorrectly and request this permission. The SELinux Memory Protection >Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how >to remove this requirement. If totem does not work and you need it to work, you >can configure SELinux temporarily to allow this access until the application is >fixed. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >Sometimes a library is accidentally marked with the execstack flag, if you find >a library with this flag you can clear it with the execstack -c LIBRARY_PATH. >Then retry your application. If the app continues to not work, you can turn the >flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust totem to >run correctly, you can change the context of the executable to >unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t '/usr/bin/totem'" >You must also change the default file context files on the system in order to >preserve them even on a full relabel. "semanage fcontext -a -t >unconfined_execmem_exec_t '/usr/bin/totem'" > >Fix Command: > >chcon -t unconfined_execmem_exec_t '/usr/bin/totem' > >Additional Information: > >Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Objects None [ process ] >Source totem >Source Path /usr/bin/totem >Port <Unknown> >Host localhost.localdomain >Source RPM Packages totem-2.23.4-1.fc10 >Target RPM Packages >Policy RPM selinux-policy-3.5.5-1.fc10 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_execstack >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.27-0.290.rc5.fc10.x86_64 #1 SMP Thu Aug 28 > 21:32:46 EDT 2008 x86_64 x86_64 >Alert Count 11 >First Seen lau 30.ágú 2008, 20:26:16 GMT >Last Seen lau 30.ágú 2008, 20:38:09 GMT >Local ID be941791-f759-4f55-914a-031994488331 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1220128689.565:55): avc: denied { execstack } for pid=5285 comm="totem" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1220128689.565:55): arch=c000003e syscall=10 success=yes exit=0 a0=7fff32c7d000 a1=1000 a2=1000007 a3=34e5e20000 items=0 ppid=5202 pid=5285 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 ses=1 comm="totem" exe="/usr/bin/totem" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=315428">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 458214
:
313655
| 315428