Red Hat Bugzilla – Bug 469992
SELinux is preventing totem from loading /usr/lib/sse2/libavcodec.so.51.71.0
Last modified: 2008-12-02 11:00:57 EST
Created attachment 322522 [details]
Description of problem:
Current selinux policies prevent rpmfusion's ffmpeg based totem-plugins from being functional.
For details c.f.
The cause seems to be ffmpeg having started to ship sse2 variants of its libraries.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. On an i386-rawhide system, launch totem on a file requiring a totem plugin requiring ffmpeg
If launching totem via nautilus, packagekit is being launched, producing bogus results, searching for invalid plugins, triggering selinux-alerts.
* Discussions on rpmfusion-devel list seem to indicate that the ffmpeg related exceptions to /usr/lib/libav* need to be extended to /usr/lib/sse2/libav* on i386 platforms.
* Setting priority to high, because I would expect this bug to severely impact the user-experience with FC10.
Note that there is another problem with the latest ffmpeg and SELinux, ffmpeg has grown a new lib /usr/lib/libavfilter.so.*, which needs textrel too, so what needs to be added is:
1) textrel_shlib_t for /usr/lib/libavfilter.so.*
2) change all /usr/lib/libav*.so.* special rules to also cover /usr/lib/sse2/libav*.so.*
Fixed in selinux-policy-3.5.13-15.fc10
Created attachment 323024 [details]
avc denial on loading the codec w/ selinux-policy-3.5.13-19
D'oh I submitted the full denial report before the problem description, sorry.
The thing is, that I still get AVCs related to ffmpeg codecs even with selinux-policy-3.5.13-19 grabbed from Koji, the one attached is related to /usr/lib/sse2/libx264.so.61
Moving the bug back to ASSIGNED as this is not fixed completely yet.
(In reply to comment #5)
> D'oh I submitted the full denial report before the problem description, sorry.
> The thing is, that I still get AVCs related to ffmpeg codecs even with
> selinux-policy-3.5.13-19 grabbed from Koji, the one attached is related to
> Moving the bug back to ASSIGNED as this is not fixed completely yet.
Thats a different and new issue for which a new bug has been filed, see bug
Moving back to modified.
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.
More information and reason for this action is here:
As commented in RPM Fusion bugzilla:
/usr/lib/sse2/libpostproc.so.51.2.0 is causing the same SELinux alerts.