[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: gstreamer and selinux issue



On Thu, 2006-08-10 at 10:15 -0400, Daniel J Walsh wrote:
> On Wed, 2006-08-09 at 20:31 -0400, Louis Garcia II wrote:
> > On Wed, 2006-08-09 at 18:12 -0400, Louis Garcia II wrote:
> > > I was able to setup the pitfdll plugin for gstreamer and use the win32
> > > codecs under fc5 with selinux enabled. The pitfdll plugin needed to be
> > > marked textrel_shlib_t and the codecs under /usr/lib/win32 marked lib_t.
> > > This worked for FC5 under selinux and FC6 with selinux disabled. But
> > > selinux under FC6 seems to have changed. Is their another lable I
> > > should use, how can I debug this?
> > > 
> > > -Thanks
> > 
> > This is what I get:
> > 
> > Aug  9 19:12:34 soncomputer kernel: audit(1155165152.723:10): avc:
> > denied  { execstack } for  pid=9530 comm="totem"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > 
> > -Louis
>
> you can turn on allow_execstack or change the context of totem to
unconfined_execmen_exec_t
> chcon -t unconfined_execmem_exec_t /usr/bin/totem

if I turn on allow_execstack would that be for everything or just for totem?
What would be the most secure of these two options?

-Louis



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]