Description of problem:aicks in and blocks channel changings soon as I open the dvbt in kaffeine selinux kicks in and blocks channel changing Version-Release number of selected component (if applicable):Kaffeine dvb-t How reproducible:open kaffeine Steps to Reproduce:see above 1. 2. 3. Actual results: Expected results: Additional info: Zusammenfassung: SELinux hindert kaffeine (unconfined_t) "execmod" am Zugriff auf /usr/lib/sse2/libpostproc.so.51.2.0 (lib_t). Detaillierte Beschreibung: SELinux verweigerte den von kaffeine angeforderten Zugriff. Da nicht davon ausgegangen wird, dass dieser Zugriff von kaffeine benötigt wird, signalisiert dies möglicherweise einen Einbruchsversuch. Es ist ausserdem möglich, dass diese spezielle Version oder Konfiguration der Anwendung den zusätzlichen Zugriff verursacht. Zugriff erlauben: Gelegentlich führen Probleme mit der Bezeichnung zu SELinux-Verweigerungen. Sie können versuchen, den standardmässigen Systemdatei-Kontext für /usr/lib/sse2/libpostproc.so.51.2.0 wiederherzustellen. restorecon -v '/usr/lib/sse2/libpostproc.so.51.2.0' Derzeit existiert keine Möglichkeit, diesen Zugriff zu automatisieren. Alternativ können Sie eine lokales Richtlinien-Modul erstellen, um diesen Zugriff zu gewähren - werfen Sie einen Blick auf FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) - Sie können auch den SELinux-Schutz für diese Anwendung komplett deaktivieren. Davon wird jedoch abgeraten! Bitte reichen Sie einen Fehlerbericht (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) für dieses Paket ein. Zusätzliche Informationen: Quellkontext unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Zielkontext system_u:object_r:lib_t:s0 Zielobjekte /usr/lib/sse2/libpostproc.so.51.2.0 [ file ] Quelle kaffeine Quellen-Pfad /usr/bin/kaffeine Port <Unbekannt> Host localhost.localdomain Quellen-RPM-Pakete kaffeine-0.8.7-2.fc10 Ziel-RPM-Pakete ffmpeg-libs-0.4.9-0.52.20080908.fc10 RPM-Richtlinie selinux-policy-3.5.13-18.fc10 SELinux aktiviert True Richtlinienversion targeted MLS aktiviert True Enforcing-Modus Enforcing Plugin-Name catchall_file Hostname localhost.localdomain Plattform Linux localhost.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 Anzahl der Alarme 2 Zuerst gesehen Mo 24 Nov 2008 00:46:51 CET Zuletzt gesehen Mo 24 Nov 2008 00:46:51 CET Lokale ID 4b8288bf-2532-4825-b4cc-0f7713e8a762 Zeilennummern Raw-Audit-Meldungen node=localhost.localdomain type=AVC msg=audit(1227484011.415:47): avc: denied { execmod } for pid=28761 comm="kaffeine" path="/usr/lib/sse2/libpostproc.so.51.2.0" dev=dm-0 ino=3186707 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1227484011.415:47): arch=40000003 syscall=125 success=no exit=-13 a0=3c7f000 a1=9000 a2=5 a3=bffb55a0 items=0 ppid=1 pid=28761 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="kaffeine" exe="/usr/bin/kaffeine" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Try to change the context of the file to textrel_shlib_t: chcon -t textrel_shlib_t /usr/lib/sse2/libpostproc.so.51.2.0
Fixed in selinux-policy-3.3.1-112.fc9.noarch
First of all: it is for a newbee very difficult, to find out the way to post a bug here, because clicking on new, nothing happens.... Second: the bug I posted appeared also after an update to fc10. I only got rid of it by allowing almost all of the filters, not knowing, which one finally did it. Posting a code without explanation does not help much.. where do you insert it and how. Not everybody in the community is an expert in programming and linux. If you gus want the Linux community to grow, then always consider the newcomers... I consider it as solved as my allowing almost all in the selinux settings did the job
I believe you turned on the allow_execmod boolean? The suggested fix was to label the file with the context textrel_shlib_t. The problem here is the people who are packaging up /usr/lib/sse2/libpostproc.so.51.2.0, have built it with incorrect flags, so it is causing SELinux to complain. If you label the file with textrel_shlib_t, SELinux will realize the file is built incorrectly and will no longer complain. I have changed selinux-policy in selinux-policy-3.3.1-112.fc9.noarch to set this label automatically to prevent this error from happening to others.
This message is a reminder that Fedora 9 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 9. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '9'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 9's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 9 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping