Bug 187220 - Can't use Livna bmp-mp3 package in selinux enforcing mode
Summary: Can't use Livna bmp-mp3 package in selinux enforcing mode
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
(Show other bugs)
Version: 5
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-03-29 11:02 UTC by idak
Modified: 2007-11-30 22:11 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-05 15:01:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description idak 2006-03-29 11:02:02 UTC
Description of problem:
I can't use Livna bmp-mp3 package in selinux enforcing mode.
(/usr/lib/bmp/Input/libmpg123.so)

Version-Release number of selected component (if applicable):
selinux-policy-targeted.noarch           2.2.23-15

How reproducible:
I did that "yum install bmp bmp-mp3".

Actual results:
I can't play mp3 file in bmp.

Expected results:
bmp play mp3 file.

Additional info:
I also did that "yum install xmms xmms-mp3".
Then I played mp3 file in xmms.
So please add bmp-mp3 in selinux policy like xmms-mp3...

Source: serefpolicy-2.2.23.tgz
serefpolicy/policy/modules/system/libraries.fc:148:
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
serefpolicy/policy/modules/system/libraries.fc:149:
/usr/lib(64)?/xmms/Input/libmpg123\.so--  
gen_context(system_u:object_r:textrel_shlib_t,s0)

Comment 1 Thorsten Leemhuis 2006-03-29 16:54:36 UTC
Livna tracks this problem as Bug 826 (
http://bugzilla.livna.org/show_bug.cgi?id=826 )

I was told that the freshrpms plugin packages has the same problem

If we can do anything in the rpm to fix this please tell us. But I suppose we need

/usr/lib(64)?/bmp/Input/libmpg123\.so          --      system_u:object_r:textre
l_shlib_t:s0

in the policy file. The actual denied message looks like this:

kernel: audit(1143132699.632:43): avc:  denied  { execmod } for  pid=23814
comm="beep-media-play" name="libmpg123.so" dev=hda6 ino=495848
scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file

Comment 2 Daniel Walsh 2006-04-03 16:00:56 UTC
Please read the following

http://people.redhat.com/drepper/selinux-mem.html

We can add that policy rule but it would be better to fix the library to not
need these priv

Comment 3 Daniel Walsh 2006-04-03 16:07:49 UTC
BTW This policy change is in selinux-policy-2.2.29-2.fc5

Comment 5 Daniel Walsh 2006-05-05 15:01:58 UTC
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed


Note You need to log in before you can comment on or make changes to this bug.