Bug 426784 - ffmpeg selinux error
ffmpeg selinux error
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-26 05:57 EST by Axel Thimm
Modified: 2008-03-05 17:17 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-05 17:17:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Axel Thimm 2007-12-26 05:57:19 EST
Description of problem:
A user reported the following on http://bugzilla.atrpms.net/show_bug.cgi?id=1344

> Running ffmpeg gives the following selinux error every time...
> 
> type=AVC msg=audit(1198522354.106:3297): avc:  denied  { execmod } for 
> pid=7804 comm="ffmpeg" path="/usr/lib/libswscale.so.0.5.0" dev=sda7 ino=967679
> scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:lib_t:s0 tclass=file

Could the policy include support for ffmpeg? Thanks!
Comment 1 Daniel Walsh 2007-12-27 07:04:05 EST
The problem is this library is built incorrectly

We can label it textrel_shlib_t and this error will go away, but a better way
would be to build the file correctly.

http://people.redhat.com/~drepper/selinux-mem.html

Comment 2 Axel Thimm 2007-12-28 04:40:51 EST
Thanks, I read through http://people.redhat.com/~drepper/selinux-mem.html and
also to the linked http://people.redhat.com/drepper/textrelocs.html. If I
understand this correctly the assumption would be that libswscale.so.0.5.0 has
been built with bad or none pic flags and eu-findtextrel would be able to detect
that. But I get

# eu-findtextrel /usr/lib64/libswscale.so.0.5.0 
eu-findtextrel: no text relocations reported in '/usr/lib64/libswscale.so.0.5.0'

So most probably the issue is in some asm code where I must admit not to be able
to do much :/

I can report upstream to ffmpeg developers of course and hope that a future
release/snapshot will have this fixed.
Comment 3 Daniel Walsh 2007-12-31 07:02:46 EST
Great thanks.

File context is fixed in 

selinux-policy-3.0.8-72.fc8
Comment 4 Daniel Walsh 2008-03-05 17:17:15 EST
Bugs have been in modified for over one month.  Closing as fixed in current
release please reopen if the problem still persists.

Note You need to log in before you can comment on or make changes to this bug.