[Bug 733001] scanner: Selinux enhanced file rights not handled correctly

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Fri Jul 11 00:53:21 PDT 2014


https://bugzilla.gnome.org/show_bug.cgi?id=733001
  GStreamer | gstreamer (core) | unspecified

--- Comment #5 from kasberger at heidenhain.de 2014-07-11 07:53:15 UTC ---
You are right. SELinux doesn't pay attention to whether the normal execution
right is set.

But the shared object needs an SELinux rule that allows execution of the shared
library and needs to be labeled for that.

SELinux works in this way. When enabled, SELinux prohibits execution of files
that are not labeled to have SELinux's execute rights. And this also affects
shared objects loaded by executables. So SELinux will simply not execute any
code in a shared object as long as it is not labeled.

You are completely right that a check for execute is not the right way. We should
introduce the complete SELinux in GStreamer for such file operations.

Or the handling at g_module_open should be different.
