writable memory segment: mplayer

Stephen Smalley sds at tycho.nsa.gov
Thu Oct 9 12:45:59 UTC 2008

On Thu, 2008-10-09 at 13:29 +0530, Rahul Sundaram wrote:
> Hi
> Since Fedora doesn't include this software, should a exception be added 
> to the SELinux policy?
> "If you trust mplayer to run correctly, you can change the context of 
> the executable to unconfined_execmem_exec_t. "chcon -t 
> unconfined_execmem_exec_t '/usr/bin/mplayer'". You must also change the 
> default file context files on the system in order to preserve them even 
> on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t 
> '/usr/bin/mplayer'"

I'd recommend always telling the user to run the semanage command first,
and then run restorecon /usr/bin/mplayer afterward to set it on disk,
rather than having to separately specify the type via chcon.
setroubleshoot really shouldn't ever tell the user to use chcon IMHO.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list