1 | Summary: |
---|
2 | |
---|
3 | SELinux is preventing /usr/bin/mythtv-setup from loading |
---|
4 | /usr/lib/libmythswscale-0.22.so.0.22.0 which requires text relocation. |
---|
5 | |
---|
6 | Detailed Description: |
---|
7 | |
---|
8 | The mythtv-setup application attempted to load |
---|
9 | /usr/lib/libmythswscale-0.22.so.0.22.0 which requires text relocation. |
---|
10 | This is |
---|
11 | a |
---|
12 | potential security problem. Most libraries do not need this permission. |
---|
13 | Libraries are sometimes coded incorrectly and request this permission. |
---|
14 | The |
---|
15 | SELinux Memory Protection Tests |
---|
16 | (http://people.redhat.com/drepper/selinux-mem.html) web page explains |
---|
17 | how to |
---|
18 | remove this requirement. You can configure SELinux temporarily to allow |
---|
19 | /usr/lib/libmythswscale-0.22.so.0.22.0 to use relocation as a |
---|
20 | workaround, until |
---|
21 | the library is fixed. Please file a bug report. |
---|
22 | |
---|
23 | Allowing Access: |
---|
24 | |
---|
25 | If you trust /usr/lib/libmythswscale-0.22.so.0.22.0 to run correctly, |
---|
26 | you can |
---|
27 | change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t |
---|
28 | '/usr/lib/libmythswscale-0.22.so.0.22.0'" You must also change the |
---|
29 | default file |
---|
30 | context files on the system in order to preserve them even on a full |
---|
31 | relabel. |
---|
32 | "semanage fcontext -a -t textrel_shlib_t |
---|
33 | '/usr/lib/libmythswscale-0.22.so.0.22.0'" |
---|
34 | |
---|
35 | Fix Command: |
---|
36 | |
---|
37 | chcon -t textrel_shlib_t '/usr/lib/libmythswscale-0.22.so.0.22.0' |
---|
38 | |
---|
39 | Additional Information: |
---|
40 | |
---|
41 | Source Context |
---|
42 | unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 |
---|
43 | 023 |
---|
44 | Target Context system_u:object_r:lib_t:s0 |
---|
45 | Target Objects /usr/lib/libmythswscale-0.22.so.0.22.0 [ |
---|
46 | file ] |
---|
47 | Source mythtv-setup |
---|
48 | Source Path /usr/bin/mythtv-setup |
---|
49 | Port <Unknown> |
---|
50 | Host (removed) |
---|
51 | Source RPM Packages mythtv-setup-0.22-0.5.rc1.fc12 |
---|
52 | Target RPM Packages libmyth-0.22-0.5.rc1.fc12 |
---|
53 | Policy RPM selinux-policy-3.6.32-37.fc12 |
---|
54 | Selinux Enabled True |
---|
55 | Policy Type targeted |
---|
56 | MLS Enabled True |
---|
57 | Enforcing Mode Enforcing |
---|
58 | Plugin Name allow_execmod |
---|
59 | Host Name (removed) |
---|
60 | Platform Linux (removed) 2.6.31.5-96.fc12.i686 #1 |
---|
61 | SMP Fri Oct 23 19:53:24 EDT 2009 i686 i686 |
---|
62 | Alert Count 1 |
---|
63 | First Seen Tue 03 Nov 2009 07:28:30 PM EST |
---|
64 | Last Seen Tue 03 Nov 2009 07:28:30 PM EST |
---|
65 | Local ID ad9b6d19-96c5-49cd-84f9-1869601b45cb |
---|
66 | Line Numbers |
---|
67 | |
---|
68 | Raw Audit Messages |
---|
69 | |
---|
70 | node=(removed) type=AVC msg=audit(1257294510.891:23836): avc: denied { |
---|
71 | execmod } for pid=9537 comm="mythtv-setup" |
---|
72 | path="/usr/lib/libmythswscale-0.22.so.0.22.0" dev=sda4 ino=55891 |
---|
73 | scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |
---|
74 | tcontext=system_u:object_r:lib_t:s0 tclass=file |
---|
75 | |
---|
76 | node=(removed) type=SYSCALL msg=audit(1257294510.891:23836): |
---|
77 | arch=40000003 |
---|
78 | syscall=125 success=no exit=-13 a0=b30000 a1=38000 a2=5 a3=bfed39c0 |
---|
79 | items=0 |
---|
80 | ppid=1 pid=9537 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 |
---|
81 | egid=500 |
---|
82 | sgid=500 fsgid=500 tty=(none) ses=1 comm="mythtv-setup" |
---|
83 | exe="/usr/bin/mythtv-setup" |
---|
84 | subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) |
---|
85 | |
---|
86 | |
---|
87 | |
---|
88 | Hash String generated from |
---|
89 | selinux-policy-3.6.32-37.fc12,allow_execmod,mythtv-setup,unconfined_t,lib_t,file,execmod |
---|
90 | audit2allow suggests: |
---|
91 | |
---|
92 | #============= unconfined_t ============== |
---|
93 | allow unconfined_t lib_t:file execmod; |
---|