gstreamer and selinux issue

Aaron VanDevender sig at netdot.net
Fri Nov 3 00:00:52 UTC 2006


On Sat, 2006-08-12 at 07:48 -0400, Daniel J Walsh wrote:
> >
> > I am also having problems with totem-mozplugin, totem's plugin for
> > firefox. 
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.846:63): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:64): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:65): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> >   
> You have two choices with this: turn on the allow_execstack boolean or label
> firefox unconfined_execmem_exec_t.

Actually there is a better choice. Rather than change the context for
totem (and firefox and pitivi and rhythmbox and everything else that
uses gstreamer) you can just change the context of the pitfdll plugin
that is causing problems. It needs to exec its own modifiable memory
since it loads .dll files onto the heap, and then executes code that it
cuts out of them. Try this:

chcon -t texrel_shlib_t /usr/lib/gstreamer-0.10/libpitfdll.so


Cheers,
-Aaron

-- 

sig at netdot.net
Plead the First.
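
An added example, not part of the original message or of any project's code: a small Python parser for the AVC denial format quoted in this thread. It tolerates the mail quoting and line wrapping and groups denials by command, permission and source type, so repeated denials are triaged as one finding. The names parse_avc and summarize are illustrative.

```python
import re
from collections import Counter

# Two of the denials quoted in the thread, kept with their mail quoting and wrapping.
SAMPLE = """\
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.846:63): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > Aug 11 16:18:15 soncomputer kernel: audit(1155327494.850:64): avc:
> > denied  { execstack } for  pid=11603 comm="totem-mozilla-v"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=user_u:system_r:unconfined_t:s0 tclass=process
"""

AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial found in possibly quoted, wrapped text."""
    # Drop "> > " quote markers; a record starts at "audit(" and runs until
    # a blank line or the next "audit(" line.
    lines = [re.sub(r'^(?:>\s?)+', '', l).strip() for l in text.splitlines()]
    records, current = [], []
    for line in lines:
        if (not line or 'audit(' in line) and current:
            records.append(' '.join(current))
            current = []
        if 'audit(' in line or (line and current):
            current.append(line)
    if current:
        records.append(' '.join(current))
    out = []
    for rec in records:
        m = AVC_RE.search(rec)
        if m:  # skip anything that is not a denial record
            d = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
            d.update(perms=m.group('perms').split(), serial=int(m.group('serial')))
            out.append(d)
    return out

def summarize(denials):
    """Count denials by (comm, permission, source type, target class)."""
    return Counter((d['comm'], p, d['scontext'].split(':')[2], d['tclass'])
                   for d in denials for p in d['perms'])

if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```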




More information about the fedora-devel-list mailing list