Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 317786 Details for
Bug 464004
doesnt install fluendo mp3 decoder properly
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
may be related
selinux_alert.txt (text/plain), 4.06 KB, created by
Martin Jürgens
on 2008-09-26 12:17:17 UTC
(
hide
)
Description:
may be related
Filename:
MIME Type:
Creator:
Martin Jürgens
Created:
2008-09-26 12:17:17 UTC
Size:
4.06 KB
patch
obsolete
> >Summary: > >SELinux is preventing gst-inspect-0.1 from making the program stack executable. > >Detailed Description: > >[SELinux is in permissive mode, the operation would have been denied but was >permitted due to permissive mode.] > >The gst-inspect-0.1 application attempted to make its stack executable. This is >a potential security problem. This should never ever be necessary. Stack memory >is not executable on most OSes these days and this will not change. Executable >stack memory is one of the biggest security problems. An execstack error might >in fact be most likely raised by malicious code. Applications are sometimes >coded incorrectly and request this permission. The SELinux Memory Protection >Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how >to remove this requirement. If gst-inspect-0.1 does not work and you need it to >work, you can configure SELinux temporarily to allow this access until the >application is fixed. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >Sometimes a library is accidentally marked with the execstack flag, if you find >a library with this flag you can clear it with the execstack -c LIBRARY_PATH. >Then retry your application. If the app continues to not work, you can turn the >flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust >gst-inspect-0.1 to run correctly, you can change the context of the executable >to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t >'/usr/bin/gst-inspect-0.10'" You must also change the default file context files >on the system in order to preserve them even on a full relabel. "semanage >fcontext -a -t unconfined_execmem_exec_t '/usr/bin/gst-inspect-0.10'" > >Fix Command: > >chcon -t unconfined_execmem_exec_t '/usr/bin/gst-inspect-0.10' > >Additional Information: > >Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Objects None [ process ] >Source gst-inspect-0.1 >Source Path /usr/bin/gst-inspect-0.10 >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gstreamer-0.10.20-5.fc10 >Target RPM Packages >Policy RPM selinux-policy-3.5.7-1.fc10 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name allow_execstack >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.27-0.352.rc7.git1.fc10.x86_64 #1 SMP Tue Sep > 23 21:13:29 EDT 2008 x86_64 x86_64 >Alert Count 1 >First Seen Fri 26 Sep 2008 12:08:34 PM EDT >Last Seen Fri 26 Sep 2008 12:08:34 PM EDT >Local ID ebe45c1f-b631-4482-a2ec-a1e05b9be29c >Line Numbers > >Raw Audit Messages > >node=localhost.localdomain type=AVC msg=audit(1222445314.952:29): avc: denied { execstack } for pid=4499 comm="gst-inspect-0.1" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process > >node=localhost.localdomain type=AVC msg=audit(1222445314.952:29): avc: denied { execmem } for pid=4499 comm="gst-inspect-0.1" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process > >node=localhost.localdomain type=SYSCALL msg=audit(1222445314.952:29): arch=c000003e syscall=10 success=yes exit=0 a0=7ffff71d5000 a1=1000 a2=1000007 a3=330000 items=0 ppid=4494 pid=4499 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gst-inspect-0.1" exe="/usr/bin/gst-inspect-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=317786">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 464004
: 317786