realplayer AVCs

Daniel J Walsh dwalsh at redhat.com
Mon Nov 13 16:45:04 UTC 2006 

Tom London wrote:
> After updating to selinux-policy-targeted-2.4.3-10, I notice the
> following AVCs when starting 'realplayer'.  Realplayer no longer
> works. Didn't notice these before. Don't believe I saw any context
> changes during the update.
>
> type=AVC msg=audit(1163288612.216:22): avc:  denied  { execmem } for
> pid=3365 comm="realplay.bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163288612.216:22): arch=40000003 syscall=192
> per=400000 success=no exit=-13 a0=0 a1=a01000 a2=7 a3=22 items=0
> ppid=3360 pid=3365 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="realplay.bin"
> exe="/usr/local/RealPlayer/realplay.bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1163288612.224:23): avc:  denied  { execmem } for
> pid=3365 comm="realplay.bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163288612.224:23): arch=40000003 syscall=192
> per=400000 success=no exit=-13 a0=0 a1=a01000 a2=7 a3=22 items=0
> ppid=3360 pid=3365 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="realplay.bin"
> exe="/usr/local/RealPlayer/realplay.bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1163288612.224:24): avc:  denied  { execmem } for
> pid=3365 comm="realplay.bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163288612.224:24): arch=40000003 syscall=192
> per=400000 success=no exit=-13 a0=0 a1=a01000 a2=7 a3=22 items=0
> ppid=3360 pid=3365 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="realplay.bin"
> exe="/usr/local/RealPlayer/realplay.bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
>
> tom
Did they recently change the location of this file?

grep realplay /etc/selinux/targeted/contexts/files/file_contexts
/usr/local/RealPlay/realplay\.bin       --      
system_u:object_r:unconfined_execmem_exec_t:s0

More information about the fedora-selinux-list mailing list