Red Hat Bugzilla – Bug 187629
SElinux preventing Gizmo VoIP application from using its libsipphone shared library
Last modified: 2007-11-30 17:11:29 EST
Description of problem: The Gizmo third-party application does not run since SELinux tragetted policy is denying the use of the libsipphoneapi library. [mwiktowy@localhost ~]$ gizmo gizmo: error while loading shared libraries: /usr/lib/libsipphoneapi.so: cannot restore segment prot after reloc: Permission denied Looking at the /var/log/messages: Apr 1 20:11:49 localhost kernel: audit(1143940309.555:15): avc: denied { execmod } for pid=2228 comm="gizmo" name="libsipphoneapi.so.0.78.20060211" dev=hda2 ino=3713363 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file Looking at the permissions and contexts: [root@localhost ~]# ls -la /usr/lib/libsipphoneapi.so.0.78.20060211 -rw-r--r-- 1 root root 33064270 Feb 11 15:08 /usr/lib/libsipphoneapi.so.0.78.20060211 [root@localhost ~]# ls -laZ /usr/lib/libsipphoneapi.so.0.78.20060211 -rw-r--r-- root root system_u:object_r:lib_t /usr/lib/libsipphoneapi.so.0.78.20060211 If I use the boot switch enforcing=0, Gizmo will run fine. Research at in the execmod section of http://fedora.redhat.com/docs/selinux-faq-fc5/ suggested assigning the context using: chcon -t testrel_shlib_t LIBRARY where I replaced LIBRARY with /usr/lib/libsipphoneapi.so.0.78.20060211 and reporting to bugzilla. However, that did not work as I would assume that context was enabled only for test releases. The libsipphone library is obtained here: http://www.gizmoproject.com/GizmoDownload/libsipphoneapi-alsa-0.78.20060211-1.fc4.i386.rpm
Fixed in selinux-policy-2.2.29-2.fc5
I can confirm that after the update to selinux-policy-2.2.29-3.fc5, a "fixfiles relabel" sets the context of the libsipphoneapi library to textrel_shlib_t and Gizmo works fine. Thanks.