Re: gstreamer and selinux issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2006-08-11 at 15:59 -0400, Louis Garcia II wrote:
> On Fri, 2006-08-11 at 08:01 -0100, Paul Howarth wrote:
> > On Thu, 2006-08-10 at 16:31 -0400, Louis Garcia II wrote:
> > > On Thu, 2006-08-10 at 10:15 -0400, Daniel J Walsh wrote:
> > > > On Wed, 2006-08-09 at 20:31 -0400, Louis Garcia II wrote:
> > > > > On Wed, 2006-08-09 at 18:12 -0400, Louis Garcia II wrote:
> > > > > > I was able to setup the pitfdll plugin for gstreamer and use the win32
> > > > > > codecs under fc5 with selinux enabled. The pitfdll plugin needed to be
> > > > > > marked textrel_shlib_t and the codecs under /usr/lib/win32 marked lib_t.
> > > > > > > This worked for FC5 under selinux and FC6 with selinux disabled. But
> > > > > > selinux under FC6 seems to have changed. Is their another lable I
> > > > > > should use, how can I debug this?
> > > > > > 
> > > > > > -Thanks
> > > > > 
> > > > > This is what I get:
> > > > > 
> > > > > Aug  9 19:12:34 soncomputer kernel: audit(1155165152.723:10): avc:
> > > > > denied  { execstack } for  pid=9530 comm="totem"
> > > > > scontext=user_u:system_r:unconfined_t:s0
> > > > > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > > > > 
> > > > > -Louis
> > > >
> > > > you can turn on allow_execstack or change the context of totem to
> > > unconfined_execmen_exec_t
> > > > chcon -t unconfined_execmem_exec_t /usr/bin/totem
> > > 
> > > if I turn on allow_execstack would that be for everything
> > 
> > Yes.
> > 
> > >  or just for totem?
> > > What would be the most secure of these two options?
> > 
> > Just changing the context type of totem.
> > 
> > Paul.
> 
> Ok, I chaged the context type of totem and now it's:
> -rwxr-xr-x  root root system_u:object_r:unconfined_execmem_exec_t /usr/bin/totem
> 
> This seems to fix my problem. However I get a slightly different message now:
> Aug 11 15:09:41 soncomputer kernel: audit(1155323379.605:36): avc:  denied  { execheap } for  pid=3094 comm="totem" scontext=user_u:system_r:unconfined_execmem_t:s0 tcontext=user_u:system_r:unconfined_execmem_t:s0 tclass=process
> 
> what does it mean?
> 
> -Louis

I am also having problems with totem-mozplugin, totem's plugin for
firefox. 

Aug 11 16:18:15 soncomputer kernel: audit(1155327494.846:63): avc:
denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process

Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:64): avc:
denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process

Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:65): avc:
denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process

-Louis

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux