-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! I would like to solve the Selinux context issue with vlc x86 It is supposed to do the same purpose as mplayer do with 32bit codecs dll if there are present on the end-user system. This affect vlc for Fedora release 5, 6 and devel only for x86 (not ppc or x86_64) from https://bugzilla.livna.org/show_bug.cgi?id=1404 - ---- SELinux is preventing /usr/bin/vlc from loading /usr/lib/vlc/codec/libdmo_plugin.so which requires text relocation. SELinux is preventing /usr/bin/vlc from loading /usr/lib/vlc/codec/librealaudio_plugin.so which requires text relocation. I'm not sure if this can be fixed in the vlc package or if it would need to be fixed in the selinux policy package. I'll attach the saved output from setroubleshoot for these denials. - ---- libdmo_plugin denial - ----- Summary SELinux is preventing /usr/bin/vlc from loading /usr/lib/vlc/codec/libdmo_plugin.so which requires text relocation. Detailed Description The /usr/bin/vlc application attempted to load /usr/lib/vlc/codec/libdmo_plugin.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/vlc/codec/libdmo_plugin.so to use relocation as a workaround, until the library is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/lib/vlc/codec/libdmo_plugin.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/vlc/codec/libdmo_plugin.so" The following command will allow this access: chcon -t textrel_shlib_t /usr/lib/vlc/codec/libdmo_plugin.so Additional Information: Source Context: user_u:system_r:unconfined_t Target Context: system_u:object_r:lib_t Target Objects: /usr/lib/vlc/codec/libdmo_plugin.so [ file ] Affected RPM Packages: vlc-0.8.6a-1.lvn6.1 [application]vlc-0.8.6a-1.lvn6.1 [target] Policy RPM: selinux-policy-2.4.6-27.fc6 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.allow_execmod Host Name: rusharri-lnx2 Platform: Linux rusharri-lnx2 2.6.19-1.2895.fc6 #1 SMP Wed Jan 10 19:28:18 EST 2007 i686 i686 Alert Count: 1 Line Numbers: Raw Audit Messages: avc: denied { execmod } for comm="vlc" dev=dm-0 egid=162433 euid=162433 exe="/usr/bin/vlc" exit=-13 fsgid=162433 fsuid=162433 gid=162433 items=0 name="libdmo_plugin.so" path="/usr/lib/vlc/codec/libdmo_plugin.so" pid=10856 scontext=user_u:system_r:unconfined_t:s0 sgid=162433 subj=user_u:system_r:unconfined_t:s0 suid=162433 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=pts1 uid=162433 - -------- librealaudio_plugin denial - -------- Summary SELinux is preventing /usr/bin/vlc from loading /usr/lib/vlc/codec/librealaudio_plugin.so which requires text relocation. Detailed Description The /usr/bin/vlc application attempted to load /usr/lib/vlc/codec/librealaudio_plugin.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/vlc/codec/librealaudio_plugin.so to use relocation as a workaround, until the library is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/lib/vlc/codec/librealaudio_plugin.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/vlc/codec/librealaudio_plugin.so" The following command will allow this access: chcon -t textrel_shlib_t /usr/lib/vlc/codec/librealaudio_plugin.so Additional Information: Source Context: user_u:system_r:unconfined_t Target Context: system_u:object_r:lib_t Target Objects: /usr/lib/vlc/codec/librealaudio_plugin.so [ file ] Affected RPM Packages: vlc-0.8.6a-1.lvn6.1 [application]vlc-0.8.6a-1.lvn6.1 [target] Policy RPM: selinux-policy-2.4.6-27.fc6 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.allow_execmod Host Name: rusharri-lnx2 Platform: Linux rusharri-lnx2 2.6.19-1.2895.fc6 #1 SMP Wed Jan 10 19:28:18 EST 2007 i686 i686 Alert Count: 1 Line Numbers: Raw Audit Messages: avc: denied { execmod } for comm="vlc" dev=dm-0 egid=162433 euid=162433 exe="/usr/bin/vlc" exit=-13 fsgid=16243 - ---------- Thx for your advices: Nicolas (kwizart) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFGJSfBlNdbIlsB+AERAgqAAKCAe3oBN3TvicHhQCVkJGpclzNNPwCdFIRv BfH3xDwe78OSJyOwd/rQ6Yk= =8pOY -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
