Bug 187220

Summary: Can't use Livna bmp-mp3 package in selinux enforcing mode
Product: [Fedora] Fedora Reporter: idak <shinkoi2005>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: drepper, dwalsh, fedora, nsoranzo
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-05 15:01:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description idak 2006-03-29 11:02:02 UTC
Description of problem:
I can't use Livna bmp-mp3 package in selinux enforcing mode.
(/usr/lib/bmp/Input/libmpg123.so)

Version-Release number of selected component (if applicable):
selinux-policy-targeted.noarch           2.2.23-15

How reproducible:
I did that "yum install bmp bmp-mp3".

Actual results:
I can't play mp3 file in bmp.

Expected results:
bmp play mp3 file.

Additional info:
I also did that "yum install xmms xmms-mp3".
Then I played mp3 file in xmms.
So please add bmp-mp3 in selinux policy like xmms-mp3...

Source: serefpolicy-2.2.23.tgz
serefpolicy/policy/modules/system/libraries.fc:148:
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
serefpolicy/policy/modules/system/libraries.fc:149:
/usr/lib(64)?/xmms/Input/libmpg123\.so--  
gen_context(system_u:object_r:textrel_shlib_t,s0)

Comment 1 Thorsten Leemhuis 2006-03-29 16:54:36 UTC
Livna tracks this problem as Bug 826 (
http://bugzilla.livna.org/show_bug.cgi?id=826 )

I was told that the freshrpms plugin packages has the same problem

If we can do anything in the rpm to fix this please tell us. But I suppose we need

/usr/lib(64)?/bmp/Input/libmpg123\.so          --      system_u:object_r:textre
l_shlib_t:s0

in the policy file. The actual denied message looks like this:

kernel: audit(1143132699.632:43): avc:  denied  { execmod } for  pid=23814
comm="beep-media-play" name="libmpg123.so" dev=hda6 ino=495848
scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file

Comment 2 Daniel Walsh 2006-04-03 16:00:56 UTC
Please read the following

http://people.redhat.com/drepper/selinux-mem.html

We can add that policy rule but it would be better to fix the library to not
need these priv

Comment 3 Daniel Walsh 2006-04-03 16:07:49 UTC
BTW This policy change is in selinux-policy-2.2.29-2.fc5

Comment 5 Daniel Walsh 2006-05-05 15:01:58 UTC
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed