On some distros (i.e. CentOS 5.x), the static codec builds will not load without:
chcon -t texrel_shlib_t lib.so /path/to/codec.so
Otherwise we get a:
cannot restore segment prot after reloc
We should be able to do this as an rpm post installation scriptlet I think.
fixed in r2902 - seems to work on
As per SELinux Reveals Bugs in other code:
chcon won't survive a relabel!
We also need:
semanage fcontext -a -t texrel_shlib_t /path/to/codec.so
texrel_shlib_t is an alias for textrel_shlib_t, I believe it is safer to use the former with older distros like centos5.
semanage change in r7008, also needed to use textrel_shlib_t (r7009: with a t) for compatibility with newer policies, and added dependency on policycoreutils for centos5 in r7010). Backport for all of this in r7011.
Tested with beta packages, the library label survived a system relabel.
This will be a non-issue with #613 as we will no longer use static modules.
Closing, feel free to re-open if I've missed something.
Note: the ticket for the xpra selinux policy is #815.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/284
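
The approach the thread settles on (a persistent semanage fcontext rule instead of a bare chcon, run from an rpm post-installation scriptlet), sketched as a shell function. This is an added example, not xpra's own spec file; the function name label_codec and the order in which the two type spellings are tried are assumptions.

```shell
# Added example for an rpm %post scriptlet; label_codec is a hypothetical name.
# Usage inside %post:  label_codec /path/to/codec.so
label_codec() {
    lib="$1"
    # No SELinux on this host (or policycoreutils missing): nothing to label.
    selinuxenabled 2>/dev/null || return 0
    # Assumption taken from the ticket: newer policies want textrel_shlib_t,
    # older ones (CentOS 5) may only accept the texrel_shlib_t spelling.
    for t in textrel_shlib_t texrel_shlib_t; do
        # -a records a new rule; -m updates the rule left by an earlier
        # install, where -a would fail because it is already defined.
        if semanage fcontext -a -t "$t" "$lib" 2>/dev/null ||
           semanage fcontext -m -t "$t" "$lib" 2>/dev/null; then
            # Apply the recorded rule to the file. Because the rule lives in
            # the policy's file-context database, a relabel reapplies it,
            # which a one-off chcon does not guarantee.
            restorecon "$lib"
            return $?
        fi
    done
    echo "could not add an fcontext rule for $lib" >&2
    return 1
}
```

semanage treats the path as a regular expression, so a path containing regex metacharacters should be escaped before it is passed in.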