I’ve just updated my SE Linux repository for Squeeze to better support running mplayer on the i386 architecture. Below is the APT sources.list line:
deb http://www.coker.com.au squeeze selinux
The first issue is a bug in the compilation of the SDL libraries which makes them request an executable stack (bug #613535). Recompiling the libraries on my system caused this bug to go away, so it must be some issue with the compilation process. I have previously summarised the execstack issue, but we haven’t solved this yet [1].
The next issue is the fact that the ffmpeg libraries require execmod access (see my previous post for the details of the execmod issue [2]). The execmod issue with ffmpeg is pretty much the same as it was when I first wrote about the issue in 2008 [3].
Finally, the allow_execmem boolean needs to be set on i386 with the command “setsebool -P allow_execmem 1” to allow libGL the access it needs. This is an issue I haven’t been able to solve; I don’t know why libGL needs write and execute access to memory. I posted to the SE Linux list about this some time ago but didn’t get any good answers [4]. Any suggestions would be appreciated.
- [1] http://etbe.coker.com.au/2008/08/11/executable-stacks-lenny/
- [2] http://etbe.coker.com.au/2008/09/11/execmod-and-se-linux-i386-must-die/
- [3] http://etbe.coker.com.au/2008/09/12/fixing-execmod-textrel-problems-in-lenny/
- [4] http://comments.gmane.org/gmane.comp.security.selinux/14128
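To find which libraries will trip the execstack and execmod checks described above before SE Linux denies them, the ELF headers can be inspected directly. The following is an added example, not code from the original post: it reads the PT_GNU_STACK flags (the executable-stack request) and the DT_TEXTREL / DF_TEXTREL dynamic entries (text relocations, assumed here to be the cause of the execmod requirement, as in the post referenced at [3]). The names audit_elf and sample_elf32 are hypothetical, and the sample image is constructed for the demonstration.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PF_X = 2, 0x6474E551, 0x1
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def audit_elf(data):
    """Report whether an ELF image requests an executable stack or has text relocations."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    # With no PT_GNU_STACK header the legacy default applies, which on i386
    # is treated as a request for an executable stack.
    result = {"execstack": True, "textrel": False}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:
            p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
        else:
            p_type, p_offset, _, _, p_filesz, _, p_flags = struct.unpack_from(end + "7I", data, off)
        if p_type == PT_GNU_STACK:
            result["execstack"] = bool(p_flags & PF_X)
        elif p_type == PT_DYNAMIC:
            dyn = struct.Struct(end + ("qQ" if is64 else "iI"))
            raw = data[p_offset:p_offset + p_filesz]
            raw = raw[:len(raw) - len(raw) % dyn.size]   # tolerate a truncated file
            for tag, val in dyn.iter_unpack(raw):
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    result["textrel"] = True
    return result

def sample_elf32(stack_flags, textrel):
    """Constructed minimal i386 shared-object image (headers only) for the demo."""
    dyn = struct.pack("<iI", DT_TEXTREL, 0) if textrel else b""
    dyn += struct.pack("<iI", DT_NULL, 0)
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    phdrs = struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4)
    phdrs += struct.pack("<8I", PT_DYNAMIC, 116, 116, 116, len(dyn), len(dyn), 6, 4)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    print(audit_elf(sample_elf32(7, True)))    # RWX stack marker plus DT_TEXTREL
    print(audit_elf(sample_elf32(6, False)))   # RW stack marker, no text relocations
```

To check a real library, pass the bytes of the file (for example the contents of a .so read in binary mode) to audit_elf.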
Why wasn’t this bug fixed before squeeze was released?
The ffmpeg issue is not considered to be a bug by the Debian maintainers or upstream.
I only just noticed the SDL bug after frantically fixing as many other bugs as possible for Squeeze.
The libGL one needs some help.