Bug 187220 - Can't use Livna bmp-mp3 package in selinux enforcing mode
Can't use Livna bmp-mp3 package in selinux enforcing mode
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-29 06:02 EST by idak
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-05 11:01:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description idak 2006-03-29 06:02:02 EST
Description of problem:
I can't use Livna bmp-mp3 package in selinux enforcing mode.
(/usr/lib/bmp/Input/libmpg123.so)

Version-Release number of selected component (if applicable):
selinux-policy-targeted.noarch           2.2.23-15

How reproducible:
I did that "yum install bmp bmp-mp3".

Actual results:
I can't play mp3 file in bmp.

Expected results:
bmp play mp3 file.

Additional info:
I also did that "yum install xmms xmms-mp3".
Then I played mp3 file in xmms.
So please add bmp-mp3 in selinux policy like xmms-mp3...

Source: serefpolicy-2.2.23.tgz
serefpolicy/policy/modules/system/libraries.fc:148:
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
serefpolicy/policy/modules/system/libraries.fc:149:
/usr/lib(64)?/xmms/Input/libmpg123\.so--  
gen_context(system_u:object_r:textrel_shlib_t,s0)
Comment 1 Thorsten Leemhuis 2006-03-29 11:54:36 EST
Livna tracks this problem as Bug 826 (
http://bugzilla.livna.org/show_bug.cgi?id=826 )

I was told that the freshrpms plugin packages has the same problem

If we can do anything in the rpm to fix this please tell us. But I suppose we need

/usr/lib(64)?/bmp/Input/libmpg123\.so          --      system_u:object_r:textre
l_shlib_t:s0

in the policy file. The actual denied message looks like this:

kernel: audit(1143132699.632:43): avc:  denied  { execmod } for  pid=23814
comm="beep-media-play" name="libmpg123.so" dev=hda6 ino=495848
scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
Comment 2 Daniel Walsh 2006-04-03 12:00:56 EDT
Please read the following

http://people.redhat.com/drepper/selinux-mem.html

We can add that policy rule but it would be better to fix the library to not
need these priv
Comment 3 Daniel Walsh 2006-04-03 12:07:49 EDT
BTW This policy change is in selinux-policy-2.2.29-2.fc5
Comment 5 Daniel Walsh 2006-05-05 11:01:58 EDT
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed

Note You need to log in before you can comment on or make changes to this bug.