Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I am *this* close to disabling selinux!



Kristian Hermansen wrote:
> On 4/28/07, David Kramer <david at thekramers.net> wrote:
>> Can someone explain to me what that error means, and how I can get
>> around it?  Meta-answers about how to figure out what to do about
>> selinux errors in general are welcome (as is sympathy).
> 
> OK.  So what appears to be happening is that your ffmpeg process is
> actually appearing to become corrupted.  However, all that is really
> happening is that the segment 'prot' is being remapped internally.
> This looks like a malicious library injection to SELINUX.  That makes
> sense.  So, you just need to manually allow this library to be
> remapped within your ffmpeg process.  Check out chcon...

> Specifically you might want to try this:
> chcon -t texrel_shlib_t libswscale.so


1) Thank you.  That worked.

2) Will that survive a reboot?  Did it change the default policy, or
just the running policy?

3) How would one find this information?

OK, in part answering (3), I had a feeling that there was more to
setroubleshoot.  I did:
rpm -ql setroubleshoot | grep bin
(my favorite techniques for finding commands in a package)

There's a command "sealert" which didn't seem to do much, until I found
the "-b" parameter.  That launched a very helpful setroubleshoot logfile
browser that gave detailed explanations of each entry, how to modify the
policy that created the rule, and even suggested which ones you probably
didn't want to change,  Nice.

So yes, there's this pretty good tool if you stumble upon it, but how
can you have a tool that's so invasive without accessible documentation?



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org