Description of problem: SELinux AVC error when jokosher starts and tries to use ladspa plugins. Version-Release number of selected component (if applicable): ladspa-swh-plugins-0.4.15-8.fc7 How reproducible: Every time Actual results: avc: denied { execmod } for comm="jokosher" dev=dm-2 egid=500 euid=500 exe="/usr/bin/python" exit=-13 fsgid=500 fsuid=500 gid=500 items=0 name="sc4m_1916.so" path="/usr/lib/ladspa/sc4m_1916.so" pid=3986 scontext=user_u:system_r:unconfined_t:s0 sgid=500 subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=500 Expected results: No AVC denial. Additional info: From setroubleshoot - "The jokosher application attempted to load /usr/lib/ladspa/sc4m_1916.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/ladspa/sc4m_1916.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package. If you trust /usr/lib/ladspa/sc4m_1916.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/ladspa/sc4m_1916.so" The following command will allow this access: chcon -t textrel_shlib_t /usr/lib/ladspa/sc4m_1916.so
*** Bug 343751 has been marked as a duplicate of this bug. ***
This should be fixed in ladspa-swh-plugins-0.4.15-10.fc7, which I just pushed out to "stable".
ladspa-swh-plugins-0.4.15-10.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.