[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: gstreamer and selinux issue

From: Aaron VanDevender <sig netdot net>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: gstreamer and selinux issue
Date: Thu, 02 Nov 2006 18:00:52 -0600

On Sat, 2006-08-12 at 07:48 -0400, Daniel J Walsh wrote:
> >
> > I am also having problems with totem-mozplugin, totem's plugin for
> > firefox. 
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.846:63): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:64): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:65): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> >   
> You have two choices with this turn on allow_execstack boolean or label
> firefox unconfined_execmem_exec_t.

Actually there is a better choice. Rather than change the context for
totem (and firefox and pitivi and rhythmbox and everything else that
uses gstreamer) you can just change the context of the pitfdll plugin
that is causing problems. It needs to exec its own modifiable memory
since it loads .dll files on to the heap, and then executes code that it
cuts out of them. Try this:

chcon -t texrel_shlib_t /usr/lib/gstreamer-0.10/libpitfdll.so


Cheers,
-Aaron

-- 

sig netdot net
Plead the First.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]