installing xine from source yields lots of selinux denials
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 18 16:18:29 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear all,
>
> Trying to install xine-lib from source *to put in the missing pieces* gives selinux denials with chcon
>
>
> Summary:
>
> SELinux is preventing chcon (unconfined_t) "mac_admin" unconfined_t.
>
> Detailed Description:
>
> SELinux denied access requested by chcon. It is not expected that this access is
> required by chcon and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context unconfined_u:unconfined_r:unconfined_t:s0
> Target Context unconfined_u:unconfined_r:unconfined_t:s0
> Target Objects None [ capability2 ]
> Source chcon
> Source Path /usr/bin/chcon
> Port <Unknown>
> Host emachines-3
> Source RPM Packages coreutils-6.12-17.fc10
> Target RPM Packages
> Policy RPM selinux-policy-3.5.13-18.fc10
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name emachines-3
> Platform Linux emachines-3 2.6.27.5-109.fc10.x86_64 #1 SMP
> Thu Nov 13 20:12:05 EST 2008 x86_64 x86_64
> Alert Count 60
> First Seen Tue 18 Nov 2008 07:47:03 AM CST
> Last Seen Tue 18 Nov 2008 07:48:36 AM CST
> Local ID 395c28ed-1aab-4d88-9105-57cecfd55b14
> Line Numbers
>
> Raw Audit Messages
>
> node=emachines-3 type=AVC msg=audit(1227016116.77:132): avc: denied { mac_admin } for pid=3757 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=capability2
>
> node=emachines-3 type=SYSCALL msg=audit(1227016116.77:132): arch=c000003e syscall=188 success=no exit=-22 a0=133e670 a1=6236f9 a2=133fa40 a3=21 items=0 ppid=3751 pid=3757 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
>
>
>
>
> Thanks,
>
> Antonio
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Please report as a bug to xine. This means they are trying to lay down
file context that the host does not know about, they should never do
this, and they should work with SELinux developers to do the right thing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkki6tUACgkQrlYvE4MpobP0xgCgrxhXB6jC131v43iP+LrCxmiF
6usAoJQFKqkf7XZYq6ZojkiZi2mxwBaI
=eeZ/
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list