Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I am *this* close to disabling selinux!



David Kramer wrote:
> setroubleshootd.log shows:
> [avc.DEBUG] analyze_avc() avc=avc: denied { execmod } for a0=11b000 
> a1=2d000 a2=5 a3=bfdc4110 arch=40000003 auid=500 comm="ffmpeg" dev=hda1 
> egid=0 euid=0 exe="/usr/bin/ffmpeg" exit=-13 fsgid=0 fsuid=0 gid=0 
> items=0 name="libswscale.so.0.5.0" path="/usr/lib/libswscale.so.0.5.0" 
> pid=5534 scontext=user_u:system_r:unconfined_t:s0 sgid=0 
> subj=user_u:system_r:unconfined_t:s0 success=no suid=0 syscall=125 
> tclass=file tcontext=system_u:object_r:lib_t:s0 tty=pts2 uid=0
> 
> Can someone explain to me what that error means, and how I can get 
> around it?

I've never dealt with SELinux, but I recall from BLU talks covering it 
that there is suppose to be a tool that can take stuff like the log 
entry above and turn it into an SELinux rule, thus permitting the action 
to occur. You're still on your own to figure out what's going on and 
decide whether to permit it to happen.

It wouldn't surprise me if someone has written a GUI tool that 
intercepts these access violations, and presents a more friendly 
"application X tried to do Y. Add a rule to permit this?" dialog. 
Something you might not want on a server, but appropriate for a desktop.


Kristian Hermansen wrote:
> So, you just need to manually allow this library to be
> remapped within your ffmpeg process.  Check out chcon...

So perhaps chcon is the tool?

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org