Description of problem: I can't use Livna bmp-mp3 package in selinux enforcing mode. (/usr/lib/bmp/Input/libmpg123.so) Version-Release number of selected component (if applicable): selinux-policy-targeted.noarch 2.2.23-15 How reproducible: I did that "yum install bmp bmp-mp3". Actual results: I can't play mp3 file in bmp. Expected results: bmp play mp3 file. Additional info: I also did that "yum install xmms xmms-mp3". Then I played mp3 file in xmms. So please add bmp-mp3 in selinux policy like xmms-mp3... Source: serefpolicy-2.2.23.tgz serefpolicy/policy/modules/system/libraries.fc:148: # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame serefpolicy/policy/modules/system/libraries.fc:149: /usr/lib(64)?/xmms/Input/libmpg123\.so-- gen_context(system_u:object_r:textrel_shlib_t,s0)
Livna tracks this problem as Bug 826 ( http://bugzilla.livna.org/show_bug.cgi?id=826 ) I was told that the freshrpms plugin packages has the same problem If we can do anything in the rpm to fix this please tell us. But I suppose we need /usr/lib(64)?/bmp/Input/libmpg123\.so -- system_u:object_r:textre l_shlib_t:s0 in the policy file. The actual denied message looks like this: kernel: audit(1143132699.632:43): avc: denied { execmod } for pid=23814 comm="beep-media-play" name="libmpg123.so" dev=hda6 ino=495848 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
Please read the following http://people.redhat.com/drepper/selinux-mem.html We can add that policy rule but it would be better to fix the library to not need these priv
BTW This policy change is in selinux-policy-2.2.29-2.fc5
Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed