lame/libxvidcore & execstack

Ted Rule ejtr at layer3.co.uk
Thu May 4 17:45:04 UTC 2006


Erm. Doesn't that break "rpm -V" file consistency checking?

Shouldn't it rather be done at the end of the rpm SPEC %install phase
during the RPM build rather than during RPM install itself?


Daniel J Walsh wrote:
> Date: Wed, 03 May 2006 14:10:27 -0400
> From: Daniel J Walsh <dwalsh at redhat.com>
> Subject: Re: lame/libxvidcore & execstack
> To: fedora-selinux-list at redhat.com
> Message-ID: <4458F213.4040505 at redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Axel Thimm wrote:
> > On Tue, May 02, 2006 at 03:09:03PM -0400, Daniel J Walsh wrote:
> >   
> >> Axel Thimm wrote:
> >>     
> >>> On Tue, May 02, 2006 at 02:27:24PM -0400, John Griffiths wrote:
> >>>  
> >>>       
> >>>> Axel Thimm wrote:
> >>>>    
> >>>>         
> >>>>> On Tue, May 02, 2006 at 02:07:37PM -0400, John Griffiths wrote:
> >>>>>      
> >>>>>           
> >>>>>> Daniel J Walsh wrote:
> >>>>>>        
> >>>>>>             
> >>>>>>> John Griffiths wrote:
> >>>>>>>          
> >>>>>>>               
> >>>>>>>> fedora-selinux-list-request at redhat.com wrote:
> >>>>>>>>            
> >>>>>>>>                 
> >>>>>>>>> Subject:
> >>>>>>>>> Error running ffmpeg due to permission denied on library
> >>>>>>>>> From:
> >>>>>>>>> "Robert Foster" <rfoster at mountainvisions.com.au>
> >>>>>>>>> Date:
> >>>>>>>>> Thu, 27 Apr 2006 12:41:09 +1000
> >>>>>>>>> To:
> >>>>>>>>> <fedora-selinux-list at redhat.com>
> >>>>>>>>>
> >>>>>>>>> To:
> >>>>>>>>> <fedora-selinux-list at redhat.com>
> >>>>>>>>> I'm trying to get ffmpeg working for Gallery2 on FC5, and
> getting 
> >>>>>>>>> the following error (from the debug message via Gallery):
> >>>>>>>>>              
> >>>>>>>>>                   
> >>>  
> >>>       
> >>>>>>>> I had the same problem when using Kino which also uses
> ffmpeg. Here 
> >>>>>>>> is what I did and it works.
> >>>>>>>>
> >>>>>>>> execstack -c /usr/lib/libmp3lame.so.0
> >>>>>>>> execstack -c /usr/lib/libxvidcore.so.4
> >>>>>>>>       
> >>>>>>>>            
> >>>>>>>>                 
> >>>>>>> Please submit bugs on these to Kino and ffmpeg.
> >>>>>>>     
> >>>>>>>          
> >>>>>>>               
> >>>>>> Actually /usr/lib/libmp3lame.so.0 is part of
> lame-3.96.1-10.rhfc5.at 
> >>>>>> and libxvidcore4-1.1.0-8.rhfc5.at both from ATRpms.net.
> >>>>>>
> >>>>>> I'll let the people at ATRpm know.
> >>>>>>        
> >>>>>>             
> >>>>> Is this considered a packaging or upstream issue?
> >>>>>
> >>>>> If packaging: What is the recommended way to fix it
> specfile-wise?
> >>>>>
> >>>>>      
> >>>>>           
> >>> >From this, I find the folks at ATRpms know.
> >>>       
> >>>>    
> >>>>         
> >>> I'm very sure they'll be just as confused as I am ;)
> >>>  
> >>>       
> >> Point them at
> >>     
> >
> >         ^^^^
> >
> > Them is largely myself, that's why I can tell how confused "they"
> will
> > be. ;)
> >
> >   
> >> http://people.redhat.com/~drepper/selinux-mem.html
> >>
> >> and
> >>
> >> http://people.redhat.com/drepper/nonselsec.pdf
> >>     
> >
> > But these reference upstream fixing, not packaging ones. Do idioms
> > exist to cirumvent this at the packaging level (other than fixing
> the
> > source and Patch0: the fix), or is the recommendation to report to
> > upstream and wait for a fix while disabling selinux at the mean
> time? 
> 
> How about executing
> 
> execstack -c /usr/lib/libmp3lame.so.0
> 
> execstack -c /usr/lib/libxvidcore.so.4
> 
> 
> In the postinstall?  If it does not break anything.
> 

Erm. Doesn't that break "rpm -V" file checking?

Shouldn't it be done at the end of the rpm SPEC %install phase during
the build?



-- 
Ted Rule

Director, Layer3 Systems Ltd

W: http://www.layer3.co.uk/




More information about the fedora-selinux-list mailing list