selinux - nspluginscan, and xine denials
Eric Paris
eparis at redhat.com
Tue Aug 19 15:16:14 UTC 2008
On Tue, 2008-08-19 at 06:06 -0700, Antonio Olivares wrote:
> Two alerts from selinux
[snip]
> host=localhost.localdomain type=AVC msg=audit(1217786121.365:53): avc: denied { execmem } for pid=3262 comm="nspluginviewer" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
>
> host=localhost.localdomain type=SYSCALL msg=audit(1217786121.365:53): arch=40000003 syscall=125 success=no exit=-13 a0=b1aaa000 a1=1000 a2=5 a3=bfa32acc items=0 ppid=3222 pid=3262 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nspluginviewer" exe="/usr/bin/nspluginviewer" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
[snip]
> host=localhost.localdomain type=AVC msg=audit(1219150886.174:61): avc: denied { execstack } for pid=18915 comm="xine" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
>
> host=localhost.localdomain type=SYSCALL msg=audit(1219150886.174:61): arch=40000003 syscall=125 success=no exit=-13 a0=bfaed000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=4154 pid=18915 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts4 ses=1 comm="xine" exe="/usr/bin/xine" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
[snip]
I'm guessing these are one in the same? Did it install xine as a plugin
to firefox? This is a xine bug. execstack is never right. Did you try
following the suggestion and run execstack -c LIBRARY_PATH on all of the
libraries installed by xine-libs?
-Eric
More information about the fedora-selinux-list
mailing list