Package: selinux-policy-default Version: 2:0.0.20080702-14 Severity: normal
Summary: SELinux is preventing pulseaudio from loading /usr/lib/libFLAC.so.8.2.0 which requires text relocation. Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] The pulseaudio application attempted to load /usr/lib/libFLAC.so.8.2.0 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/libFLAC.so.8.2.0 to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you trust /usr/lib/libFLAC.so.8.2.0 to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/libFLAC.so.8.2.0'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/libFLAC.so.8.2.0'" Fix Command: chcon -t textrel_shlib_t '/usr/lib/libFLAC.so.8.2.0' Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0 Target Context system_u:object_r:lib_t:s0 Target Objects /usr/lib/libFLAC.so.8.2.0 [ file ] Source pulseaudio Source Path /usr/bin/pulseaudio Port <Unknown> Host champaran Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type default MLS Enabled True Enforcing Mode Permissive Plugin Name allow_execmod Host Name champaran Platform Linux champaran 2.6.28-custom #1 SMP Thu Feb 12 19:09:05 IST 2009 i686 Alert Count 1 First Seen Sat 14 Feb 2009 12:37:24 PM IST Last Seen Sat 14 Feb 2009 12:37:24 PM IST Local ID 75008d3e-a7aa-4940-a1d7-302abf61f1ae Line Numbers Raw Audit Messages node=champaran type=AVC msg=audit(1234595244.759:52): avc: denied { execmod } for pid=5130 comm="pulseaudio" path="/usr/lib/libFLAC.so.8.2.0" dev=dm-1 ino=2038146 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file node=champaran type=SYSCALL msg=audit(1234595244.759:52): arch=40000003 syscall=125 success=yes exit=0 a0=b7cb5000 a1=52000 a2=5 a3=bfa889f0 items=0 ppid=5062 pid=5130 auid=4294967295 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null) -- System Information: Debian Release: 5.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.28-custom (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.0.1-5 Pluggable Authentication Modules f ii libselinux1 2.0.65-5 SELinux shared libraries ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib ii policycoreutils 2.0.49-8 SELinux core policy utilities ii python 2.5.2-3 An interactive high-level object-o Versions of packages selinux-policy-default recommends: ii checkpolicy 2.0.16-1 SELinux policy compiler ii setools 3.3.5.ds-5 tools for Security Enhanced Linux Versions of packages selinux-policy-default suggests: pn logcheck <none> (no description available) pn syslog-summary <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
