pitfdll is a gstreamer plugin that loads win32 binary codecs. Which works if selinux=0. $ ls -Z /usr/lib/gstreamer-0.10/libpitfdll.so -rwxr-xr-x root root system_u:object_r:lib_t libpitfdll.so ls -Z -d /usr/lib/win32 drwxr-xr-x root root system_u:object_r:lib_t /usr/lib/win32 under selinux it can't. I get this error: type=AVC msg=audit(1144183154.042:117): avc: denied { execmod } for pid=2360 comm="totem" name="libpitfdll.so" dev=hda3 ino=815199 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file I put this through audit2allow: allow unconfined_t lib_t:file execmod; I don't want to have all unconfined_t access to lib_t just libpitfdll.so. how can I only allow libpitfdll.so access to lib_t? --Louis -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list