FC10 (2.6.27.21-170.2.56.fc10.i686), panasonic cf-50 laptop

FC10 seems to be having issues with mplayer -- there are a lot of posts on this subject. However, I have not yet seen any on SELinux involvement. If anyone can respond/knows about this/etc., thanks in advance

note:
mplayer, mplayerplug-in, all codecs installed

However, once a quicktime file is played, no more sound from mplayer files.

Same thing happened with FC7, but a reboot would release sound. (In FC10, sound still does not play even after a reboot.)

When trying to play streaming video in mplayer, get SELinux setroubleshoot message:
>The mplayer application attempted to load /usr/lib/codecs/drv4.so.6.0 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission.<

I don't understand how to correct for this (certainly I can't change the server requests :P and the howto with the troubleshoot message is greek to me.


I have a lot of info on what is installed, the order of installation, and so on -- not sure how much to post -- just ask for pertinent info? The last thing I tried was to download/install a lot of pulseaudio files and try to use the pulseaudio server for playback, but the message in the sound settings using a test sound is that the server connection is refused. (with alsa the message is a little different, but the sound won't play using the alsa setup either). Unfortunately (?) after installing all the pulse audio files even using autodetect sound won't play anymore.

Any info would be appreciated :]

Thanks in advance

If the message was a GUI message sent by Setroubleshoot (star icon), then you haven't read the whole message well enough. It will clearly advise you to run something like 'semanage fcontext -a -t textrel_shlib_t /usr/lib/codecs/drv4.so.6.0'. The rest I can't comment on. Talking about error messages does not equal posting error messages.

In my post I indicated that tho I read the Setroubleshoot message I did not understand (clearly) what it meant. I didn't want to do something too incorrectly (incorrectable). For example: as you can see (below) it says something like >If you trust< the .so (do I? it is not working...) and so on... In addition, fooling around with SEL when you don't know what you are doing can be catastrophic (I know this from experience).

The whole message follows -- it indeed says something similar to what you wrote. Anyone interested can take a look. Fortunately for me at this time the website that had the quicktime, real, and flash players together has switched formats so mplayer is out of the mix. In other words, I have some time to see if this problem will get a fix from Fedora or mplayer people. (I am certainly not the only one with this problem, by far, many people find mplayer won't work -- no audio -- after another player has been evoked.)


cheers -- thanks for your time -- any info is helpful.



SELinux troubleshoot Summary:

SELinux is preventing mplayer from loading /usr/lib/codecs/drv4.so.6.0 which requires text relocation.

Detailed Description:

The mplayer application attempted to load /usr/lib/codecs/drv4.so.6.0 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/codecs/drv4.so.6.0 to use relocation as a workaround, until the library is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Allowing Access:

If you trust /usr/lib/codecs/drv4.so.6.0 to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/usr/lib/codecs/drv4.so.6.0'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/codecs/drv4.so.6.0'"

Fix Command:

chcon -t textrel_shlib_t '/usr/lib/codecs/drv4.so.6.0'

Additional Information:

Source Context unconfined_u:unconfined_r:unconfined_execmem_t:s0-
s0:c0.c1023
Target Context unconfined_ubject_r:lib_t:s0
Target Objects /usr/lib/codecs/drv4.so.6.0 [ file ]
Source mplayer
Source Path /usr/bin/mplayer
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mplayer-1.0-0.104.20090204svn.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-53.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_execmod
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.27.21-170.2.56.fc10.i686 #1 SMP Mon Mar 23
23:37:54 EDT 2009 i686 i686
Alert Count 4
First Seen Mon 06 Apr 2009 06:22:47 PM CDT
Last Seen Mon 06 Apr 2009 06:41:59 PM CDT
Local ID e38a5866-9cf6-443d-a2c0-c4d5459717a8
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1239061319.342:18): avc: denied { execmod } for pid=3178 comm="mplayer" path="/usr/lib/codecs/drv4.so.6.0" dev=dm-0 ino=741337 scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tcontext=unconfined_ubject_r:lib_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1239061319.342:18): arch=40000003 syscall=125 success=no exit=-13 a0=1c0f000 a1=49000 a2=5 a3=bff9d390 items=0 ppid=3076 pid=3178 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) ses=1 comm="mplayer" exe="/usr/bin/mplayer" subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 key=(null)

Read http://people.redhat.com/drepper/selinux-mem.html.
Then, as root, user run: and finally (since you run Fedora current) please do file a bug report.

<QUOTE>
Read http://people.redhat.com/drepper/selinux-mem.html.
Then, as root, user run:
Code:

chcon -t textrel_shlib_t /usr/lib/codecs/drv4.so.6.0
semanage fcontext -a -t textrel_shlib_t /usr/lib/codecs/drv4.so.6.0

and finally (since you run Fedora current) please do file a bug report.
</UNQUOTE>

Yes, I did read that selinux (url above) page -- your distillation tells me I was not as far out as I thought (yay!)...this is encouraging...!

I will run the commands when the problem re-occurs (I'd probably man the commands before running, too :P). As per a bug report -- I believe this problem has been reported, but will check again shortly (and do so if I am mistaken/thinking of another report). Will also post a report of results then, too, in case anyone gets interested.

Thanks for following up on this

NP. If you ran 'semanage fcontext' then there should be no reason to rerun 'chcon' on this library since the filecontext database was updated, so any relabelling would apply it automagically.