Hi.
This makes Firefox crash if SELinux is in enforcing mode.
Summary:
SELinux is preventing ld-linux.so.2 from loading
/usr/lib/libavfilter.so.0.1.0
which requires text relocation.
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
The ld-linux.so.2 application attempted to load
/usr/lib/libavfilter.so.0.1.0
which requires text relocation. This is a potential security problem. Most
libraries do not need this permission. Libraries are sometimes coded incorrectly
and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/usr/lib/libavfilter.so.0.1.0 to use relocation as a workaround, until the
library is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Allowing Access:
If you trust /usr/lib/libavfilter.so.0.1.0 to run correctly, you can change the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/usr/lib/libavfilter.so.0.1.0'" You must also change the default file context
files on the system in order to preserve them even on a full relabel.
"semanage fcontext -a -t textrel_shlib_t '/usr/lib/libavfilter.so.0.1.0'"
Fix Command:
chcon -t textrel_shlib_t '/usr/lib/libavfilter.so.0.1.0'
Additional Information:
Source Context system_u:system_r:prelink_t:s0-s0:c0.c1023
Target Context system_u:object_r:lib_t:s0
Target Objects /usr/lib/libavfilter.so.0.1.0 [ file ]
Source ld-linux.so.2
Source Path /lib/ld-2.8.90.so
Port <Unknown>
Host sundaram
Source RPM Packages glibc-2.8.90-13
Target RPM Packages ffmpeg-libs-0.4.9-0.50.20080908.fc10
Policy RPM selinux-policy-3.5.10-3.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name allow_execmod
Host Name sundaram
Platform Linux sundaram 2.6.25.14-108.fc9.i686 #1 SMP Mon Aug 4 14:08:11 EDT 2008 i686 i686
Alert Count 1
First Seen Fri 17 Oct 2008 04:05:58 AM IST
Last Seen Fri 17 Oct 2008 04:05:58 AM IST
Local ID 5bf00553-84ae-49ea-a793-7977855b9541
Line Numbers
Raw Audit Messages
node=sundaram type=AVC msg=audit(1224196558.619:111): avc: denied { execmod } for pid=27387 comm="ld-linux.so.2" path="/usr/lib/libavfilter.so.0.1.0" dev=dm-0 ino=68753 scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
node=sundaram type=SYSCALL msg=audit(1224196558.619:111): arch=40000003 syscall=125 success=yes exit=0 a0=111000 a1=3000 a2=5 a3=bfbedde0 items=0 ppid=27136 pid=27387 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="ld-linux.so.2" exe="/lib/ld-2.8.90.so" subj=system_u:system_r:prelink_t:s0-s0:c0.c1023 key=(null)
Rahul