Bug 426784

Summary: ffmpeg selinux error
Product: [Fedora] Fedora
Reporter: Axel Thimm <axel.thimm>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 8
CC: bugzilla
Hardware: All
OS: Linux
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-03-05 22:17:15 UTC

Description Axel Thimm 2007-12-26 10:57:19 UTC
Description of problem:
A user reported the following on http://bugzilla.atrpms.net/show_bug.cgi?id=1344

> Running ffmpeg gives the following selinux error every time...
> 
> type=AVC msg=audit(1198522354.106:3297): avc:  denied  { execmod } for 
> pid=7804 comm="ffmpeg" path="/usr/lib/libswscale.so.0.5.0" dev=sda7 ino=967679
> scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:lib_t:s0 tclass=file

Could the policy include support for ffmpeg? Thanks!

Comment 1 Daniel Walsh 2007-12-27 12:04:05 UTC
The problem is this library is built incorrectly.

We can label it textrel_shlib_t and this error will go away, but a better way
would be to build the file correctly.

http://people.redhat.com/~drepper/selinux-mem.html



Comment 2 Axel Thimm 2007-12-28 09:40:51 UTC
Thanks, I read through http://people.redhat.com/~drepper/selinux-mem.html and
also the linked http://people.redhat.com/drepper/textrelocs.html. If I
understand this correctly, the assumption would be that libswscale.so.0.5.0 has
been built with bad or no PIC flags and eu-findtextrel would be able to detect
that. But I get

# eu-findtextrel /usr/lib64/libswscale.so.0.5.0 
eu-findtextrel: no text relocations reported in '/usr/lib64/libswscale.so.0.5.0'

So most probably the issue is in some asm code, where I must admit I am not able
to do much :/

I can report upstream to ffmpeg developers of course and hope that a future
release/snapshot will have this fixed.

Comment 3 Daniel Walsh 2007-12-31 12:02:46 UTC
Great, thanks.

File context is fixed in 

selinux-policy-3.0.8-72.fc8

Comment 4 Daniel Walsh 2008-03-05 22:17:15 UTC
Bugs have been in modified for over one month.  Closing as fixed in current
release; please reopen if the problem still persists.
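
Added example (not part of the original bug report or of selinux-policy): a small Python triage script that pulls execmod denials out of audit records like the one quoted in the description and lists the exact file path, target type and calling command for each, so the reported file can be checked with eu-findtextrel or relabelled. The function names and the second sample record are constructed for this illustration.

```python
import re
from collections import defaultdict

# First record: the denial quoted in the bug description, joined onto one line.
# Second record: constructed for this example, a non-execmod denial to be skipped.
SAMPLE_LOG = (
    'type=AVC msg=audit(1198522354.106:3297): avc:  denied  { execmod } for '
    'pid=7804 comm="ffmpeg" path="/usr/lib/libswscale.so.0.5.0" dev=sda7 ino=967679 '
    'scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:lib_t:s0 tclass=file\n'
    'type=AVC msg=audit(1198522360.200:3301): avc:  denied  { read } for '
    'pid=7810 comm="httpd" path="/etc/shadow" dev=sda7 ino=1234 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:shadow_t:s0 tclass=file\n'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec['ttype'] = rec.get('tcontext', '::').split(':')[2]
    return rec

def execmod_libraries(log_text):
    """Map each file hit by an execmod denial to its target type and callers."""
    hits = defaultdict(lambda: {'ttype': None, 'comms': set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and 'execmod' in rec['perms'] and rec.get('tclass') == 'file':
            entry = hits[rec.get('path', '?')]
            entry['ttype'] = rec['ttype']
            entry['comms'].add(rec.get('comm', '?'))
    return dict(hits)

if __name__ == '__main__':
    for path, info in execmod_libraries(SAMPLE_LOG).items():
        print(f"{path} (type {info['ttype']}) loaded by {sorted(info['comms'])}: "
              f"inspect this exact path with eu-findtextrel")
```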