Dear all,
Trying to install xine-lib from source *to put in the missing pieces* gives selinux denials with chcon
Summary:
SELinux is preventing chcon (unconfined_t) "mac_admin" unconfined_t.
Detailed Description:
SELinux denied access requested by chcon. It is not expected that this access is required by chcon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0 Target Objects None [ capability2 ] Source chcon Source Path /usr/bin/chcon Port <Unknown> Host emachines-3 Source RPM Packages coreutils-6.12-17.fc10 Target RPM Packages Policy RPM selinux-policy-3.5.13-18.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name emachines-3 Platform Linux emachines-3 2.6.27.5-109.fc10.x86_64 #1 SMP Thu Nov 13 20:12:05 EST 2008 x86_64 x86_64 Alert Count 60 First Seen Tue 18 Nov 2008 07:47:03 AM CST Last Seen Tue 18 Nov 2008 07:48:36 AM CST Local ID 395c28ed-1aab-4d88-9105-57cecfd55b14 Line Numbers
Raw Audit Messages
node=emachines-3 type=AVC msg=audit(1227016116.77:132): avc: denied { mac_admin } for pid=3757 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=capability2
node=emachines-3 type=SYSCALL msg=audit(1227016116.77:132): arch=c000003e syscall=188 success=no exit=-22 a0=133e670 a1=6236f9 a2=133fa40 a3=21 items=0 ppid=3751 pid=3757 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
Thanks,
Antonio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
Dear all,
Trying to install xine-lib from source *to put in the missing pieces* gives selinux denials with chcon
Summary:
SELinux is preventing chcon (unconfined_t) "mac_admin" unconfined_t.
Detailed Description:
SELinux denied access requested by chcon. It is not expected that this access is required by chcon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0 Target Objects None [ capability2 ] Source chcon Source Path /usr/bin/chcon Port <Unknown> Host emachines-3 Source RPM Packages coreutils-6.12-17.fc10 Target RPM Packages Policy RPM selinux-policy-3.5.13-18.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name emachines-3 Platform Linux emachines-3 2.6.27.5-109.fc10.x86_64 #1 SMP Thu Nov 13 20:12:05 EST 2008 x86_64 x86_64 Alert Count 60 First Seen Tue 18 Nov 2008 07:47:03 AM CST Last Seen Tue 18 Nov 2008 07:48:36 AM CST Local ID 395c28ed-1aab-4d88-9105-57cecfd55b14 Line Numbers
Raw Audit Messages
node=emachines-3 type=AVC msg=audit(1227016116.77:132): avc: denied { mac_admin } for pid=3757 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=capability2
node=emachines-3 type=SYSCALL msg=audit(1227016116.77:132): arch=c000003e syscall=188 success=no exit=-22 a0=133e670 a1=6236f9 a2=133fa40 a3=21 items=0 ppid=3751 pid=3757 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
Thanks,
Antonio
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Please report as a bug to xine. This means they are trying to lay down file context that the host does not know about, they should never do this, and they should work with SELinux developers to do the right thing.
--- On Tue, 12/2/08, Rahul Sundaram sundaram@fedoraproject.org wrote:
From: Rahul Sundaram sundaram@fedoraproject.org Subject: Re: installing xine from source yields lots of selinux denials To: olivares14031@yahoo.com Cc: fedora-selinux-list@redhat.com Date: Tuesday, December 2, 2008, 2:44 AM Antonio Olivares wrote:
Dear all,
Trying to install xine-lib from source *to put in the
missing pieces* gives selinux denials with chcon
It would be much simpler to install xine-lib-extras from rpmfusion.
Rahul
Done!!!
I got it from rpmfusion.
Regards,
Antonio
selinux@lists.fedoraproject.org