Hi Andrea,
On 02/12/2018 07:21 PM, Andrea Vai wrote:
Hi all,
I am getting continuous selinux notifications about a "dvdemux"
process, and I don't know how to manage it.
Some of the (revelant?) data in the message window:
SELinux impedisce a dvdemux0:sink un accesso execstack su un processo.
[Translation from italian: SELinux denies to dvdemux0:sink an execstac
access on a process]
type=AVC msg=audit(1518457458.85:1216): avc: denied { execstack }
for pid=3263 comm="gst-plugin-scan"
scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
tclass=process permissive=0
It's good that SELinux denied this action. Command "gst-plugin-scan" is
trying to make stack executable which is possible attack or possible bug
in code.
AFAIK, gst-plugin-scan should be part of gstreamer-plugin-ugly package.
Could you please contact gstreamer developers for more info?
Thanks,
Lukas.
Hash: dvdemux0:sink,thumb_t,thumb_t,process,execstack
Can you help me please? I have a lot of notifications every day. I
don't know selinux so even a couple of hints would be very
appreciated.
Let me know if I have to provide more information.
Thank you very much,
Andrea (Fedora 27)
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.