Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I am *this* close to disabling selinux!

David Kramer wrote:
> Kristian Hermansen wrote:
>> On 4/28/07, David Kramer <david at> wrote:
>>> Can someone explain to me what that error means, and how I can get
>>> around it?  Meta-answers about how to figure out what to do about
>>> selinux errors in general are welcome (as is sympathy).
>> OK.  So what appears to be happening is that your ffmpeg process is
>> actually appearing to become corrupted.  However, all that is really
>> happening is that the segment 'prot' is being remapped internally.
>> This looks like a malicious library injection to SELINUX.  That makes
>> sense.  So, you just need to manually allow this library to be
>> remapped within your ffmpeg process.  Check out chcon...
>> Specifically you might want to try this:
>> chcon -t texrel_shlib_t
> 1) Thank you.  That worked.
> 2) Will that survive a reboot?


> Did it change the default policy, or just the running policy?

Neither.  It set a property on the file itself (stored by the filesystem).
The texrel_shlib_t is basically a group that needs to do something that most
programs shouldn't need to do.  Video codecs are notorious for this
technique though (which is probably one of the reasons they have so many
security problems).

> So yes, there's this pretty good tool if you stumble upon it, but how
> can you have a tool that's so invasive without accessible documentation?

That issue is sort of endemic to linux in general ;-)
Part of the answer is that it's still being developed.  You might look this
site for more info on the setroubleshoot tool:

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /