[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: writable memory segment: mplayer

From: Stephen Smalley <sds tycho nsa gov>
To: Rahul Sundaram <sundaram fedoraproject org>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: writable memory segment: mplayer
Date: Thu, 09 Oct 2008 08:45:59 -0400

On Thu, 2008-10-09 at 13:29 +0530, Rahul Sundaram wrote:
> Hi
> 
> 
> Since Fedora doesn't include this software, should a exception be added 
> to the SELinux policy?
> 
> "If you trust mplayer to run correctly, you can change the context of 
> the executable to unconfined_execmem_exec_t. "chcon -t 
> unconfined_execmem_exec_t '/usr/bin/mplayer'". You must also change the 
> default file context files on the system in order to preserve them even 
> on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t 
> '/usr/bin/mplayer'"

I'd recommend always telling the user to run the semanage command first,
and then run restorecon /usr/bin/mplayer afterward to set it on disk,
rather than having to separately specify the type via chcon.
setroubleshoot really shouldn't ever tell the user to use chcon IMHO.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: writable memory segment: mplayer
  - From: Paul Howarth

References:
- writable memory segment: mplayer
  - From: Rahul Sundaram

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]