Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 472902 - skype fails to start with selinux enforcing
Summary: skype fails to start with selinux enforcing
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sven Vermeulen (RETIRED)
URL:
Whiteboard: sec-policy r2
Keywords:
Depends on:
Blocks:
 
Reported: 2013-06-10 18:31 UTC by Sven Vermeulen (RETIRED)
Modified: 2013-08-15 07:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Vermeulen (RETIRED) gentoo-dev 2013-06-10 18:31:02 UTC 
~$ skype
skype: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

type=AVC msg=audit(1370887287.866:1468): avc:  denied  { execmod } for  pid=9842 comm="skype" path="/opt/bin/skype" dev="dm-2" ino=15 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:skype_exec_t tclass=file

-- added "allow skype_t skype_exec_t:file execmod;"

~$ skype
(... lots of denials on search cert_t ...)
(... then, upon closing the welcome screen ...)
shm_open() failed: Function not implemented
Failed to create secure directory: Permission denied
shm_open() failed: Function not implemented
Failed to create secure directory: Permission denied

type=AVC msg=audit(1370887345.319:1843): avc:  denied  { search } for  pid=9890 comm="skype" name=".pulse" dev="dm-0" ino=1082527 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:user_home_t tclass=dir
type=AVC msg=audit(1370887345.322:1844): avc:  denied  { getattr } for  pid=9890 comm="skype" path="/home/swift/.pulse" dev="dm-0" ino=1082527 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:user_home_t tclass=dir
type=AVC msg=audit(1370887345.322:1845): avc:  denied  { read } for  pid=9890 comm="skype" name=".pulse" dev="dm-0" ino=1082527 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:user_home_t tclass=dir
type=AVC msg=audit(1370887345.322:1846): avc:  denied  { rmdir } for  pid=9890 comm="skype" name=".pulse" dev="dm-0" ino=1082527 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:user_home_t tclass=dir

-- fixed denials on cert through miscfiles_read_generic_certs(skype_t), ignoring pulse for now

Seems like skype now works again (still a few denials, but working for me).

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2013-06-10 18:34:14 UTC 
In repo
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2013-07-21 16:26:24 UTC 
In repo, ~arch (rev 2 of the policies)
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2013-08-15 07:47:03 UTC 
r2 is now stable