installing xine from source yields lots of selinux denials

Antonio Olivares olivares14031 at yahoo.com
Tue Nov 18 13:49:15 UTC 2008 

Dear all,

Trying to install xine-lib from source *to put in the missing pieces* gives selinux denials with chcon


Summary:

SELinux is preventing chcon (unconfined_t) "mac_admin" unconfined_t.

Detailed Description:

SELinux denied access requested by chcon. It is not expected that this access is
required by chcon and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0
Target Objects                None [ capability2 ]
Source                        chcon
Source Path                   /usr/bin/chcon
Port                          <Unknown>
Host                          emachines-3
Source RPM Packages           coreutils-6.12-17.fc10
Target RPM Packages           
Policy RPM                    selinux-policy-3.5.13-18.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     emachines-3
Platform                      Linux emachines-3 2.6.27.5-109.fc10.x86_64 #1 SMP
                              Thu Nov 13 20:12:05 EST 2008 x86_64 x86_64
Alert Count                   60
First Seen                    Tue 18 Nov 2008 07:47:03 AM CST
Last Seen                     Tue 18 Nov 2008 07:48:36 AM CST
Local ID                      395c28ed-1aab-4d88-9105-57cecfd55b14
Line Numbers                  

Raw Audit Messages            

node=emachines-3 type=AVC msg=audit(1227016116.77:132): avc:  denied  { mac_admin } for  pid=3757 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=capability2

node=emachines-3 type=SYSCALL msg=audit(1227016116.77:132): arch=c000003e syscall=188 success=no exit=-22 a0=133e670 a1=6236f9 a2=133fa40 a3=21 items=0 ppid=3751 pid=3757 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)




Thanks,

Antonio

More information about the selinux mailing list