Description of problem: I was trying to update video codecs using fusion repository and PostIntallerF. During the update I received the SELinux alert. Additional info: libreport version: 2.0.18 kernel: 3.6.8-2.fc17.i686 description: :SELinux is preventing plugin-containe from 'execmod' accesses on the file /usr/lib/catalyst-legacy/libGL.so.1.2. : :***** Plugin allow_execmod (91.4 confidence) suggests ********************** : :If you want to allow plugin-containe to have execmod access on the libGL.so.1.2 file :Then you need to change the label on '/usr/lib/catalyst-legacy/libGL.so.1.2' :Do :# semanage fcontext -a -t textrel_shlib_t '/usr/lib/catalyst-legacy/libGL.so.1.2' :# restorecon -v '/usr/lib/catalyst-legacy/libGL.so.1.2' : :***** Plugin catchall (9.59 confidence) suggests *************************** : :If you believe that plugin-containe should be allowed execmod access on the libGL.so.1.2 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep plugin-containe /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c : 0.c1023 :Target Context system_u:object_r:lib_t:s0 :Target Objects /usr/lib/catalyst-legacy/libGL.so.1.2 [ file ] :Source plugin-containe :Source Path plugin-containe :Port <Unknown> :Host (removed) :Source RPM Packages :Target RPM Packages xorg-x11-drv-catalyst-legacy-libs-12.6-3.fc17.i686 :Policy RPM selinux-policy-3.10.0-161.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.8-2.fc17.i686 #1 SMP Tue Nov : 27 20:14:11 UTC 2012 i686 i686 :Alert Count 3 :First Seen 2012-12-02 12:07:52 EST :Last Seen 2012-12-02 12:37:56 EST :Local ID db7a6ec0-9810-443c-9c84-c8f8dbd2c30d : :Raw Audit Messages :type=AVC msg=audit(1354469876.994:480): avc: denied { execmod } for pid=30031 comm="plugin-containe" path="/usr/lib/catalyst-legacy/libGL.so.1.2" dev="dm-1" ino=271663 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file : : :Hash: plugin-containe,mozilla_plugin_t,lib_t,file,execmod : :audit2allow : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t lib_t:file execmod; : :audit2allow -R : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t lib_t:file execmod; : Potential duplicate bug: 663553
Created attachment 656157 [details] File: type
Created attachment 656158 [details] File: hashmarkername
You will need to execute # semanage fcontext -a -t textrel_shlib_t '/usr/lib/catalyst-legacy/libGL.so.1.2' # restorecon -v '/usr/lib/catalyst-legacy/libGL.so.1.2' to fix labeling.