On Thu, 2008-10-09 at 13:29 +0530, Rahul Sundaram wrote: > Hi > > > Since Fedora doesn't include this software, should a exception be added > to the SELinux policy? > > "If you trust mplayer to run correctly, you can change the context of > the executable to unconfined_execmem_exec_t. "chcon -t > unconfined_execmem_exec_t '/usr/bin/mplayer'". You must also change the > default file context files on the system in order to preserve them even > on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t > '/usr/bin/mplayer'" I'd recommend always telling the user to run the semanage command first, and then run restorecon /usr/bin/mplayer afterward to set it on disk, rather than having to separately specify the type via chcon. setroubleshoot really shouldn't ever tell the user to use chcon IMHO. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
