Bug 667093 - selinux policies for xvidcore need update
Summary: selinux policies for xvidcore need update
Keywords:
Status: CLOSED DUPLICATE of bug 652297
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 14
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-04 12:19 UTC by chedi toueiti
Modified: 2011-01-04 13:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-01-04 13:02:40 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description chedi toueiti 2011-01-04 12:19:53 UTC
Description of problem:

After a recent update of the xvidcore package, I get a selinux error while using gmplayer :

type=1400 audit(1294143306.356:9914): avc:  denied  { execstack } for  pid=1720 comm="gmplayer" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
[ 2404.712323] type=1400 audit(1294143323.834:9915): avc:  denied  { execstack } for  pid=1724 comm="gmplayer" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
[ 2414.427096] type=1400 audit(1294143333.548:9916): avc:  denied  { execstack } for  pid=1752 comm="gmplayer" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process


Version-Release number of selected component (if applicable):

libselinux-devel-2.0.96-6.fc14.1.i686
libselinux-2.0.96-6.fc14.1.i686
selinux-policy-3.9.7-19.fc14.noarch
libselinux-utils-2.0.96-6.fc14.1.i686
selinux-policy-targeted-3.9.7-19.fc14.noarch
libselinux-python-2.0.96-6.fc14.1.i686

xvidcore-1.2.2-1.fc14.i686
 
Switching the enforcing to permessive solve the probelem, so I think the targeted policiy have to be updated

Regards

Comment 1 chedi toueiti 2011-01-04 12:21:48 UTC
forget to add this:

gmplayer: error while loading shared libraries: libxvidcore.so.4: cannot enable executable stack as shared object requires: Permission denied

Comment 2 Miroslav Grepl 2011-01-04 13:02:40 UTC
Execute

# restorecon -R -v /usr/lib/libxvidcore*

and 

# setsebool -P allow_execstack 1

*** This bug has been marked as a duplicate of bug 652297 ***


Note You need to log in before you can comment on or make changes to this bug.