Bug 178924

Summary: needs execstack to start
Product: [Fedora] Fedora Reporter: Tom London <selinux>
Component: ekigaAssignee: Daniel Veillard <veillard>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: netllama
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: 2.0.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-15 12:28:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150221    

Description Tom London 2006-01-25 15:22:13 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
starting ekiga with SELinux targeted/enforcing produces:

ekiga: error while loading shared libraries: libSDL-1.2.so.0: cannot enable executable stack as shared object requires: Permission denied

Messages in /var/log/audit/audit.log:

type=AVC msg=audit(1138202408.728:317): avc:  denied  { execstack } for  pid=3764 comm="ekiga" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1138202408.728:317): arch=40000003 syscall=125 success=no exit=-13 a0=bfd72000 a1=1000 a2=1000007 a3=fffff000 items=0 pid=3764 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="ekiga" exe="/usr/bin/ekiga"

Enabling execstack (via 'setsebool execstack=1') works around this, but logs many 'execmem' avc messages.


Version-Release number of selected component (if applicable):
ekiga-1.99.0-1

How reproducible:
Always

Steps to Reproduce:
1. start ekiga with SELINUX targeted/enforcing
2.
3.
  

Additional info:
Comment 1 Tom London 2006-01-25 16:22:52 UTC 
Gack....  Appears to be already files against SDL:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170187

Sorry for the dup.
Comment 2 Daniel Veillard 2006-01-25 16:26:33 UTC 
not really a dup, there is two issues which I think are separate:
  1/ the SELinux policy need to be updated for ekiga
  2/ the ekiga GConf registration problem

This bug covers 1/ and 170187 covers both 1/ and 2/
So let's keep both open,

Daniel
Comment 3 Daniel Veillard 2006-03-15 12:28:28 UTC 
I think it's all fixed now in the current release, thanks

Daniel