GNOME Bugzilla – Bug 607112
[SECURITY - SELinux - execmod] libgstffmpeg.so requires text relocation
Last modified: 2010-09-15 18:19:03 UTC
SELinux is preventing mixer_applet2 from loading /usr/lib64/gstreamer-0.10/libgstffmpeg.so which requires text relocation.

Detailed Description:

The mixer_applet2 application attempted to load /usr/lib64/gstreamer-0.10/libgstffmpeg.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib64/gstreamer-0.10/libgstffmpeg.so to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Allowing Access:

If you trust /usr/lib64/gstreamer-0.10/libgstffmpeg.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib64/gstreamer-0.10/libgstffmpeg.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib64/gstreamer-0.10/libgstffmpeg.so'"

The following command will allow this access:

chcon -t textrel_shlib_t '/usr/lib64/gstreamer-0.10/libgstffmpeg.so'

Additional Information:

Source Context        user_u:system_r:unconfined_t
Target Context        system_u:object_r:lib_t
Target Objects        /usr/lib64/gstreamer-0.10/libgstffmpeg.so [ file ]
Source                mixer_applet2
Source Path           /usr/libexec/mixer_applet2
Port                  <Unknown>
Host                  localhost.localdomain
Source RPM Packages   gnome-applets-2.16.0.1-19.el5
Target RPM Packages   gstreamer-ffmpeg-0.10.6-1.el5.rf
Policy RPM            selinux-policy-2.4.6-255.el5_4.3
Selinux Enabled       True
Policy Type           targeted
MLS Enabled           True
Enforcing Mode        Enforcing
Plugin Name           allow_execmod
Host Name             localhost.localdomain
Platform              Linux localhost.localdomain 2.6.18-164.10.1.el5 #1 SMP Thu Jan 7 19:54:26 EST 2010 x86_64 x86_64
Alert Count           1
First Seen            fre 15-01-2010 22:39:36 CET
Last Seen             fre 15-01-2010 22:39:36 CET
Local ID              b1346351-a6d4-4d45-a638-58a1769e1dfb
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1263591576.855:17): avc: denied { execmod } for pid=4075 comm="mixer_applet2" path="/usr/lib64/gstreamer-0.10/libgstffmpeg.so" dev=md1 ino=8539950 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1263591576.855:17): arch=c000003e syscall=10 success=no exit=-13 a0=2b4589c43000 a1=499000 a2=5 a3=2b4589c45148 items=0 ppid=4065 pid=4075 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mixer_applet2" exe="/usr/libexec/mixer_applet2" subj=user_u:system_r:unconfined_t:s0 key=(null)

---------------

# rpm -qi gstreamer-ffmpeg-0.10.6-1.el5.rf
Name : gstreamer-ffmpeg                        Relocations: (not relocatable)
Version : 0.10.6                               Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release : 1.el5.rf                             Build Date: man 23-11-2009 00:23:17 CET
Install Date: fre 15-01-2010 14:57:23 CET      Build Host: lisse.hasselt.wieers.com
Group : Applications/Multimedia                Source RPM: gstreamer-ffmpeg-0.10.6-1.el5.rf.src.rpm
Size : 20711110                                License: LGPL
Signature : DSA/SHA1, ons 25-11-2009 12:47:25 CET, Key ID a20e52146b8d79e6
Packager : Dag Wieers <dag@wieers.com>
URL : http://gstreamer.net/
Summary : GStreamer streaming media framework FFmpeg-based plugin

--------------

# rpm -qi gnome-applets-2.16.0.1-19.el5
Name : gnome-applets                           Relocations: (not relocatable)
Version : 2.16.0.1                             Vendor: CentOS
Release : 19.el5                               Build Date: ons 14-03-2007 16:56:45 CET
Install Date: tor 14-01-2010 20:44:37 CET      Build Host: builder5.centos.org
Group : User Interface/Desktops                Source RPM: gnome-applets-2.16.0.1-19.el5.src.rpm
Size : 33105695                                License: GPL
Signature : DSA/SHA1, ons 04-04-2007 02:23:32 CEST, Key ID a8a447dce8562897
URL : http://www.gnome.org/
Summary : Small applications for the GNOME panel

------------

# cat /etc/redhat-release
CentOS release 5.4 (Final)

# uname -a
Linux localhost.localdomain 2.6.18-164.10.1.el5 #1 SMP Thu Jan 7 19:54:26 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

------------

The "trigger":

Centos 5.4 install with Gnome Desktop. (x86_64)
Enable RPMforge
yum -y install gstreamer-plugins-bad gstreamer-plugins-ugly gstreamer-ffmpeg
Restart and login as a normal user.
Could you please explain your problem instead of dumping output of various commands?
Closing this bug report as no further information has been provided. Please feel free to reopen this bug if you can provide the information asked for. Thanks!
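
Added example (not part of the original report or of any SELinux tool): a short Python triage script that joins the AVC and SYSCALL records from the raw audit messages in the report by their shared audit event id and decodes the denied call. The function names are hypothetical, and the syscall decoding assumes x86_64 only, where arch=c000003e and syscall 10 is mprotect.

```python
import re

# Raw audit records copied verbatim from the report above.
AUDIT_LOG = '''host=localhost.localdomain type=AVC msg=audit(1263591576.855:17): avc: denied { execmod } for pid=4075 comm="mixer_applet2" path="/usr/lib64/gstreamer-0.10/libgstffmpeg.so" dev=md1 ino=8539950 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
host=localhost.localdomain type=SYSCALL msg=audit(1263591576.855:17): arch=c000003e syscall=10 success=no exit=-13 a0=2b4589c43000 a1=499000 a2=5 a3=2b4589c45148 items=0 ppid=4065 pid=4075 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mixer_applet2" exe="/usr/libexec/mixer_applet2" subj=user_u:system_r:unconfined_t:s0 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+:\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
AUDIT_ARCH_X86_64 = "c000003e"
NR_MPROTECT_X86_64 = "10"          # syscall number 10 is mprotect on x86_64
PROT_BITS = {1: "PROT_READ", 2: "PROT_WRITE", 4: "PROT_EXEC"}

def parse_events(log):
    """Join records that share an audit(timestamp:serial) id into one event."""
    events = {}
    for line in log.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            p = PERMS.search(line)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(event_id, {})[rtype] = fields
    return events

def execmod_findings(log):
    """Return one summary per execmod denial, with the mprotect() flags decoded."""
    findings = []
    for event_id, recs in parse_events(log).items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or "execmod" not in avc["perms"]:
            continue
        prot = None
        if sc.get("arch") == AUDIT_ARCH_X86_64 and sc.get("syscall") == NR_MPROTECT_X86_64:
            bits = int(sc["a2"], 16)   # audit logs syscall arguments in hex
            prot = [name for bit, name in PROT_BITS.items() if bits & bit]
        findings.append({
            "event": event_id,
            "library": avc.get("path"),
            "process": sc.get("exe", avc.get("comm")),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "mprotect_prot": prot,
        })
    return findings
```

For the records in this report, the result shows an mprotect() call requesting PROT_READ and PROT_EXEC on a mapping of libgstffmpeg.so (type lib_t) being refused for /usr/libexec/mixer_applet2, which is the execmod check the alert describes.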