Sumário: O SELinux está impedindo que o /usr/lib/vlc/vlc-cache-gen carregue /usr/lib/vlc/plugins/codec/librealvideo_plugin.so, o que requer deslocamento de texto. Descrição detalhada: The vlc-cache-gen application attempted to load /usr/lib/vlc/plugins/codec/librealvideo_plugin.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://www.akkadia.org/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/vlc/plugins/codec/librealvideo_plugin.so to use relocation as a workaround, until the library is fixed. Please file a bug report. Permitindo acesso: Se você confiar que o /usr/lib/vlc/plugins/codec/librealvideo_plugin.so irá rodar corretamente, você pode mudar o contexto do arquivo para textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/vlc/plugins/codec/librealvideo_plugin.so'" Você deve também alterar o arquivo padrão dos arquivos de contexto no sistema para preservá-los mesmo em uma reetiquetagem completa. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/vlc/plugins/codec/librealvideo_plugin.so'" Comando de correção: chcon -t textrel_shlib_t '/usr/lib/vlc/plugins/codec/librealvideo_plugin.so' Informações adicionais: Contexto de origem system_u:system_r:rpm_script_t:s0-s0:c0.c1023 Contexto de destino system_u:object_r:lib_t:s0 Objetos de destino /usr/lib/vlc/plugins/codec/librealvideo_plugin.so [ file ] Origem vlc-cache-gen Caminho da origem /usr/lib/vlc/vlc-cache-gen Porta <Desconhecido> Máquina (removido) Pacotes RPM de origem vlc-core-1.1.4-2.fc13 Pacotes RPM de destino vlc-core-1.1.4-2.fc13 RPM da política selinux-policy-3.7.19-54.fc13 Selinux habilitado True Tipo de política targeted Modo reforçado Enforcing Nome do plugin allow_execmod Nome da máquina (removido) Plataforma Linux (removido) 2.6.34.6-47.fc13.i686 #1 SMP Fri Aug 27 09:48:44 UTC 2010 i686 i686 Contador de alertas 2 Visto pela primeira vez em Ter 07 Set 2010 12:55:13 BRT Visto pela última vez em Ter 07 Set 2010 12:55:15 BRT ID local 3b07f8b9-ca0c-40ec-a29e-73187d092b7d Números de linha Mensagens de auditoria não pr node=(removido) type=AVC msg=audit(1283874915.431:24): avc: denied { execmod } for pid=2431 comm="vlc-cache-gen" path="/usr/lib/vlc/plugins/codec/librealvideo_plugin.so" dev=dm-0 ino=920091 scontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file node=(removido) type=SYSCALL msg=audit(1283874915.431:24): arch=40000003 syscall=125 success=no exit=-13 a0=4c4d000 a1=1b000 a2=5 a3=bfb8ca90 items=0 ppid=2430 pid=2431 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vlc-cache-gen" exe="/usr/lib/vlc/vlc-cache-gen" subj=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null) Hash String generated from allow_execmod,vlc-cache-gen,rpm_script_t,lib_t,file,execmod audit2allow suggests: #============= rpm_script_t ============== #!!!! This avc can be allowed using the boolean 'allow_execmod' allow rpm_script_t lib_t:file execmod;
restorecon -R -v /var/lib/vlc Should fix.
(In reply to comment #1) > restorecon -R -v /var/lib/vlc > > Should fix. # restorecon -R -v /var/lib/vlc # Would the lack of output to my command indicate nothing was fixed?
The label is fixed in selinux-policy-3.7.19-61.fc13. chcon -t textrel_shlib_t '/usr/lib/vlc/plugins/codec/librealvideo_plugin.so' will fix for now.
selinux-policy-3.7.19-62.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-62.fc13
selinux-policy-3.7.19-62.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-62.fc13
These spanish people are incredible rude these days.
the label is fixed with selinux-policy-3.7.19-61.fc13 for me. As far as I am concerned, bug is FIXED
Update the karma.
selinux-policy-3.7.19-62.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.