Bug 312931
| Summary: | mono_t wants execstack | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dominick Grift <dgrift1> | ||||
| Component: | mono | Assignee: | Alexander Larsson <alexl> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | rawhide | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 1.2.5-4 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2007-11-21 12:33:49 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 211671 [details]
mono.te diff
Does Mono need execstack or is this just a badly written application? I notice this denial is coming from part of totem - do you have gstreamer libraries from livna (e.g. gstreamer-ffmpeg) installed? Currently their x264 libraries incorrectly have the execstack flag set on them, which taints everything that loads those libraries, including totem and friends. See the fedora-test-list thread that ends here: https://www.redhat.com/archives/fedora-test-list/2007-September/msg00887.html Yes i installed some Livna plugins etc. This may explain the issue. i must say that i haven't had any issue's the last few day's, and there have been some updates in the livna repository. It looks to me like the problem has gone now for f8. I'll close this bug. |
Description of problem: type=AVC msg=audit(1191118234.434:369): avc: denied { execstack } for pid=10326 comm="totem-video-ind" scontext=system_u:system_r:mono_t:s0 tcontext=system_u:system_r:mono_t:s0 tclass=process Version-Release number of selected component (if applicable): selinux-policy-devel-3.0.8-14.fc8 How reproducible: I have 18 counts of this AVC denial. I suspect they happen at system start-up or user login. I have recently installed Beagle which i think relies on mono. This beagle service starts when a session is opened. Steps to Reproduce: Actual results: Expected results: Additional info: I attached a proposed change.