Description of problem: A user reported the following on http://bugzilla.atrpms.net/show_bug.cgi?id=1344 > Running ffmpeg gives the following selinux error every time... > > type=AVC msg=audit(1198522354.106:3297): avc: denied { execmod } for > pid=7804 comm="ffmpeg" path="/usr/lib/libswscale.so.0.5.0" dev=sda7 ino=967679 > scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:lib_t:s0 tclass=file Could the policy include support for ffmpeg? Thanks!
The problem is this library is built incorrectly We can label it textrel_shlib_t and this error will go away, but a better way would be to build the file correctly. http://people.redhat.com/~drepper/selinux-mem.html
Thanks, I read through http://people.redhat.com/~drepper/selinux-mem.html and also to the linked http://people.redhat.com/drepper/textrelocs.html. If I understand this correctly the assumption would be that libswscale.so.0.5.0 has been built with bad or none pic flags and eu-findtextrel would be able to detect that. But I get # eu-findtextrel /usr/lib64/libswscale.so.0.5.0 eu-findtextrel: no text relocations reported in '/usr/lib64/libswscale.so.0.5.0' So most probably the issue is in some asm code where I must admit not to be able to do much :/ I can report upstream to ffmpeg developers of course and hope that a future release/snapshot will have this fixed.
Great thanks. File context is fixed in selinux-policy-3.0.8-72.fc8
Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists.