 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
I'm normally the kinda geek that tries to understand what's running on
my box, and going on when I'm having problems with my system. But I
have to say, every time I've researched a problem and it turned out to
be selinux, the solution has always been a "You just have to know what
to do" thing. The setroubleshootd.log is EXTREMELY unhelpful in fixing
problems, except when google can find someone else who got that message
and somehow figured it out. There's no actual central documentation set
for it, and there's no list of errors and their meanings. In short,
I've learned some pretty complex daemons pretty well, but selinux isn't
really giving me a fighting chance to do that.
\me steps off soapbox
When trying to run ffmpeg to transcode a MythTV file, I get the
following error:
# ffmpeg -v 1 -i "/data/mythtv/tmp/work/1/newfile.mpg" -r ntsc -target
dvd -b 4771k -s 720x480 -acodec ac3 -ab 192k -ac 2 -copyts -aspect 4:3
"/data/mythtv/tmp/work/1/newfile2.mpg" -map 0:0 -map 0:1
ffmpeg: error while loading shared libraries: /usr/lib/libswscale.so.0:
cannot restore segment prot after reloc: Permission denied
Googling has shown this is definitely a selinux issue, and
setroubleshootd.log shows:
[avc.DEBUG] analyze_avc() avc=avc: denied { execmod } for a0=11b000
a1=2d000 a2=5 a3=bfdc4110 arch=40000003 auid=500 comm="ffmpeg" dev=hda1
egid=0 euid=0 exe="/usr/bin/ffmpeg" exit=-13 fsgid=0 fsuid=0 gid=0
items=0 name="libswscale.so.0.5.0" path="/usr/lib/libswscale.so.0.5.0"
pid=5534 scontext=user_u:system_r:unconfined_t:s0 sgid=0
subj=user_u:system_r:unconfined_t:s0 success=no suid=0 syscall=125
tclass=file tcontext=system_u:object_r:lib_t:s0 tty=pts2 uid=0
WTF!!!!
Did I mention almost every single article I found Googling for "cannot
restore segment prot after reloc: Permission denied" said "OH, just
disable selinux"? What does it say about a security tool when almost
everyone's answer is to disable it instead of reconfiguring it? Even
searching on http://www.nsa.gov/selinux itself turns up that answer!
Can someone explain to me what that error means, and how I can get
around it? Meta-answers about how to figure out what to do about
selinux errors in general are welcome (as is sympathy).
Thanks.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
