Description of problem: I tried to install fluendo codecs with codeina and selinux stopped it from installing. Version-Release number of selected component (if applicable): How reproducible: every time Steps to Reproduce: 1. buy (or get for review) fluel ndo codec pack, save it on desktop 2. start codeina - choose from file menue "install downloaed plugin archive" 3. look at selinux-troubleshooter go wild :) 4. profit :) Actual results: Expected results: Additional info:
after I got alert-01 (look at the attachement) I issued this: chcon -t unconfined_execmem_exec_t '/usr/bin/gst-inspect-0.10' that got the ball rolling and then I got alerts 02-04 (look at the attachements)
Created attachment 294248 [details] selinux_alert_01
Created attachment 294249 [details] selinux_alert_02
Created attachment 294250 [details] selinux_alert_03
Created attachment 294251 [details] selinux_alert_04
after manually installing codecs in ~/.gstreamer-0.10/plugins I still see a lot of selinux AVC messages (alert_05)
Created attachment 294252 [details] selinux_alert_05
after setting: chcon -t unconfined_execmem_exec_t '/usr/bin/totem' I still can't play video files and got 3 new selinux alerts (alerts 06-08)
Created attachment 294253 [details] selinux_alert_06
Created attachment 294254 [details] selinux_alert_07
Created attachment 294255 [details] selinux_alert_08
after doing this: chcon -t textrel_shlib_t '/home/fedora/.gstreamer-0.10/plugins/' I got alert_09
Created attachment 294257 [details] selinux_alert_09
fluendo has built thier libaries with Intel compiler which does nor properly setup the shared library to handle executable memory. It causes execmod to happen. If you choose to install these files you either need to change the allow_exec* booleans or label the files on disk correctly. I will turn on these booleans when we release, but during rawhide they are off so we can know where the bad applications and libraries are. The final alert looks like a mislabeled file in /var/spool restorecon -R -v /var/spool should fix.