Souhrn: SELinux is preventing mixer_applet2 from making the program stack executable. Podrobný popis: The mixer_applet2 application attempted to make its stack executable. This is a potential security problem. This should never ever be necessary. Stack memory is not executable on most OSes these days and this will not change. Executable stack memory is one of the biggest security problems. An execstack error might in fact be most likely raised by malicious code. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. If mixer_applet2 does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Povolení přístupu: Sometimes a library is accidentally marked with the execstack flag, if you find a library with this flag you can clear it with the execstack -c LIBRARY_PATH. Then retry your application. If the app continues to not work, you can turn the flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust mixer_applet2 to run correctly, you can change the context of the executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t '/usr/libexec/mixer_applet2'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t '/usr/libexec/mixer_applet2'" Příkaz pro opravu: chcon -t unconfined_execmem_exec_t '/usr/libexec/mixer_applet2' Další informace: Kontext zdroje unconfined_u:unconfined_r:unconfined_t:SystemLow- SystemHigh Kontext cíle unconfined_u:unconfined_r:unconfined_t:SystemLow- SystemHigh Objekty cíle None [ process ] Zdroj firefox Cesta zdroje /usr/lib/firefox-3.0.2/firefox Port <Neznámé> Počítač viklef RPM balíčky zdroje gnome-applets-2.24.0.1-4.fc10 RPM balíčky cíle RPM politiky selinux-policy-3.5.13-2.fc10 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Enforcing Název zásuvného modulu allow_execstack Název počítače viklef Platforma Linux viklef 2.6.27.3-30.rc1.fc10.i686 #1 SMP Mon Oct 20 01:35:32 EDT 2008 i686 i686 Počet upozornění 4 Poprvé viděno Po 20. říjen 2008, 13:21:41 CEST Naposledy viděno Pá 24. říjen 2008, 13:23:33 CEST Místní ID 2e104446-bbbc-450e-91d3-dbf98e2b915a Čísla řádků Původní zprávy auditu node=viklef type=AVC msg=audit(1224847413.868:93): avc: denied { execstack } for pid=4343 comm="mixer_applet2" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=viklef type=SYSCALL msg=audit(1224847413.868:93): arch=40000003 syscall=125 success=no exit=-13 a0=bff28000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=4324 pid=4343 auid=505 uid=505 gid=506 euid=505 suid=505 fsuid=505 egid=506 sgid=506 fsgid=506 tty=(none) ses=11 comm="mixer_applet2" exe="/usr/libexec/mixer_applet2" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Adding to blocker because "no AVCs" is part of release criteria
Likely caused by loading some gstreamer plugins that need execstack.
Marking as duplicate, because I believe that updating the fluendo codecs will fix the problem. *** This bug has been marked as a duplicate of bug 466014 ***