pitfdll is a gstreamer plugin that loads win32 binary codecs.
Which works if selinux=0.
$ ls -Z /usr/lib/gstreamer-0.10/libpitfdll.so
-rwxr-xr-x root root system_u:object_r:lib_t
libpitfdll.so
ls -Z -d /usr/lib/win32
drwxr-xr-x root root
system_u:object_r:lib_t /usr/lib/win32
under selinux it can't. I get this error:
type=AVC msg=audit(1144183154.042:117): avc: denied { execmod } for
pid=2360 comm="totem" name="libpitfdll.so" dev=hda3 ino=815199
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
I put this through audit2allow:
allow unconfined_t lib_t:file execmod;
I don't want to have all unconfined_t access to lib_t just
libpitfdll.so.
how can I only allow libpitfdll.so access to lib_t?
--Louis
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
