Red Hat Bugzilla – Bug 431900
selinux prevents installing fluendo codecs from downloaded package
Last modified: 2008-03-17 15:35:58 EDT
Description of problem:
I tried to install fluendo codecs with codeina and selinux stopped it from
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. buy (or get for review) fluendo codec pack, save it on desktop
2. start codeina - choose from file menu "install downloaded plugin archive"
3. look at selinux-troubleshooter go wild :)
4. profit :)
after I got alert-01 (look at the attachment) I issued this:
chcon -t unconfined_execmem_exec_t '/usr/bin/gst-inspect-0.10'
that got the ball rolling and then I got alerts 02-04 (look at the attachments)
Created attachment 294248 [details]
Created attachment 294249 [details]
Created attachment 294250 [details]
Created attachment 294251 [details]
after manually installing codecs in ~/.gstreamer-0.10/plugins I still see a lot
of selinux AVC messages (alert_05)
Created attachment 294252 [details]
chcon -t unconfined_execmem_exec_t '/usr/bin/totem'
I still can't play video files and got 3 new selinux alerts (alerts 06-08)
Created attachment 294253 [details]
Created attachment 294254 [details]
Created attachment 294255 [details]
after doing this:
chcon -t textrel_shlib_t '/home/fedora/.gstreamer-0.10/plugins/'
I got alert_09
Created attachment 294257 [details]
fluendo has built their libraries with Intel compiler which does not properly
set up the shared library to handle executable memory. It causes execmod to
happen. If you choose to install these files you either need to change the
allow_exec* booleans or label the files on disk correctly. I will turn on these
booleans when we release, but during rawhide they are off so we can know where
the bad applications and libraries are.
The final alert looks like a mislabeled file in /var/spool
restorecon -R -v /var/spool
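
Added example, not part of the original report or of any Red Hat tool: a small triage script that picks the executable-memory denials (execmod, execmem, execstack, execheap) out of AVC log lines and names the boolean or file label involved. The log lines are constructed, the plugin file name is a placeholder, and the individual boolean names are assumed from the Fedora policy of that period (the report only says allow_exec*).

```python
import re

# Permission -> (assumed allow_exec* boolean, per-file label seen in this report or None)
EXEC_PERMS = {
    "execmod": ("allow_execmod", "textrel_shlib_t"),            # label the library
    "execmem": ("allow_execmem", "unconfined_execmem_exec_t"),  # label the executable
    "execstack": ("allow_execstack", None),
    "execheap": ("allow_execheap", None),
}

# path= is optional: process-class denials such as execmem carry no path
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?comm="(?P<comm>[^"]*)"'
    r'(?:.*?path="(?P<path>[^"]*)")?.*?tcontext=(?P<tcontext>\S+)'
)

def triage(lines):
    """Return one finding per executable-memory permission denied in `lines`."""
    findings = []
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue
        for perm in m.group("perms").split():
            if perm not in EXEC_PERMS:
                continue  # unrelated denial, e.g. a mislabeled file
            boolean, label = EXEC_PERMS[perm]
            findings.append({
                "perm": perm, "comm": m.group("comm"), "path": m.group("path"),
                "target_type": m.group("tcontext").split(":")[2],
                "boolean": boolean, "label": label,
            })
    return findings

# Constructed sample denials (not taken from the attachments)
SAMPLE = [
    'type=AVC msg=audit(1203000000.101:41): avc:  denied  { execmod } for  pid=2301 comm="gst-inspect-0.1" path="/home/fedora/.gstreamer-0.10/plugins/libexample-codec.so" dev=dm-0 ino=98311 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=AVC msg=audit(1203000000.245:42): avc:  denied  { execmem } for  pid=2417 comm="totem" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process',
    'type=AVC msg=audit(1203000000.390:43): avc:  denied  { read } for  pid=2500 comm="example" path="/var/spool/example" dev=dm-0 ino=4411 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        where = f["path"] or "(process memory)"
        print(f'{f["perm"]}: {f["comm"]} -> {where} [{f["target_type"]}] '
              f'boolean={f["boolean"]} label={f["label"]}')
```

An execmod finding carries the path of the library that needs relabeling, while an execmem finding has no path because the denial is against the process itself.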