CodeMeter and Fluendo OnePlay
I tried CentOS 7 in a VM and noticed they don't provide codecs to play video other than the usual free Theora Ogg formats unless one installs third party repositories first. I checked Fluendo's site and saw that they have a free trial of OnePlay with the codecs included. I found out OnePlay is protected with a dubious sounding "CodeMeter". Is anybody aware what shenanigans they are up to this time?
| Attachment | Size |
|---|---|
| VirtualBox_CentOS 7_17_04_2016_13_46_13.png | 143.28 KB |
Here's what OnePlay Player looks like. I had some issues with it like stuttering (might be due to the VM) and subtitles missing in some files. I must say the free VLC worked better out of the box after I installed it. Who buys these proprietary players and codecs for GNU/Linux? As far as I know, Fluendo's codecs are essentially the same as Gstreamer plugins available. Maybe they are better than nothing for vendors to include for a price with their systems that come with GNU/Linux preinstalled to avoid the pitfalls of alleged patent infringing.
Codemeter is the copy-protection (DRM) they use for their software.
I'd recommend ditching OnePlay and switching to Gstreamer...
Many years ago when playback of videos and DVD's on GNU/Linux was harder than it's now, I had Fluendo's DVD player that I paid for. It came without any DRM schemes other than region code enforced. The only major downside (other than being non-free) was updates were not free after the first year.
It would be great to support some Free Libre company or commercial software that respects my freedoms but if they turn into proprietary gatekeepers just like that, it's a big deal breaker.
The question is, are Fluendo's products all hampered and hamstrung with DRM and spyware or is it just because I downloaded a 30-day trial?
EDIT...
Fluendo's FAQ resorts to the usual newspeak babble we'd expect to see in a walled garden. "Improve security" -- who's security is that?
Q: I installed ONEPLAY but I can see it installed some other software named CodeMeter, what is that ?
A: ONEPLAY uses an external license management system to improve security and make it easier for our customers to handle complex deployments. CodeMeter comes from our partner WIBU a very well known security solution provider.
Both the DVD player and the codec pack are proprietary software. Why even mentioning them?
For sure, especially since we already have free programs to do exactly what these proprietary programs do.
I was curious about this. To me it looks like a prime example why free libre software must win hands down. Fluendo is a company based in Barcelona, Spain. I wonder if anybody knows about their position. Particularly the DRM part, the bit they call CodeMeter. What does it do? Does it sniff on my activities or call home? Why is it needed?
Is there any merit to their claim offering a legal way to play multimedia in GNU/Linux?
"Fluendo S.A. is a private company founded by Pascal Pegaz based in Barcelona, Spain. Fluendo aims at improving the global multimedia experience in the Free Software world by funding, developing and maintaining the GStreamer media framework and providing a wide range of, both commercial and free, products on top of it."
https://en.wikipedia.org/wiki/Fluendo
"Why would I need to pay for ONEPLAY Player when other players are free?
A: ONEPLAY player is a complete player providing all the features that you can find in any other multimedia player, BUT legal. It means Fluendo does not infringe any patent on any multimedia formats. Other players usually can play a very restricted list of formats (supported by the Operating System) or play more formats but infringing patent licenses as you don't pay for the patent royalty."
http://www.oneplaydirect.com/faq/
They are here "to help". What exactly is their contribution to Gstreamer?
"Is there any merit to their claim offering a legal way to play multimedia in GNU/Linux?"
Given the wording in the FAQ they likely pay money into the patent protection racket, thereby supporting the very problem that the free world seeks to eliminate. In addition, my research online seems to indicate that Fluendo may also be members of the DVD Copy Control Association, perpetuating another problem.
Fluendo seems to be saying that the only way for people to be "safe" is to pay for their proprietary software licenses so that they can keep you safe from those that may otherwise do you harm. It seems like the very definition of racketeering and overlooks the two-prong strategy that the free world has been pushing for to accomplish the same thing while protecting people's freedom: The first prong seeks to eliminate software patents entirely while the second seeks to promote the use of formats that are not encumbered by patent problems until (or unless) the first prong is successful. There is also a third prong which seeks to eliminate DRM, along with various DMCA-style laws in countries around the world.
It is important to reject Fluendo's stuff, both to avoid supporting the very thing that the free world seeks to eliminate, but also for your freedom's sake.
It is also worth remembering that:
- software patents are illegal in most of the world: in the European Union, China, India, Brazil, Russia, South Africa, New Zealand, etc.;
- Trisquel's default install includes the "ugly" set of GStreamer plugins (called like that because of actively enforced patents on the "technology" they implement);
- executing 'sudo /usr/share/doc/libdvdread4/install-css.sh' in a terminal installs "libdvdcss2" to read DVDs with DRMs (most movie DVDs, unfortunately).
Even Windows 10 doesn't natively support encrypted DVD's anymore. They removed the codec and the functionality (Media Center). A player is available in the shop for $$. The free alternative is, of course VLC and libdvdcss*.
In Fedora, one has to install RPM Fusion. It's a few clicks away, so pretty easy to do even when trying Fedora live. CentOS 7 doesn't have RPM Fusion so far.
http://rpmfusion.org/Configuration/
Here's some more on the "legal path".
http://thevarguy.com/ubuntu/multimedia-codecs-legal-path
"But if you run a business, local government or other organization that can't so easily disregard intellectual property laws, you have to think twice before installing patented multimedia codecs onto your Ubuntu system.
Fortunately for the growing number of organizations that deploy Ubuntu on their workstations, however, the gstreamer-ugly plugins are not the only way to enable patented multimedia playback. Fluendo, a company based in Barcelona, offers legal codecs for a variety of patented formats, including MP3, MPEG2, MPEG4, H264, AAC, WMV and WMA.
Fluendo's products, some of which are available in the Canonical store, are targeted at businesses and local governments that deploy Ubuntu and need legal support for popular multimedia formats, but are also available for individual use. They range from MP3, codecs, which are free, to support for DVD playback."
https://www.linux.com/blog/fluendo-advances-multimedia-linux
"The quality of our codecs has been recognized by dozens of the major OEMs and PC makers who ship them in their own products. Many production companies and IT companies are also using them internally."
Fluendo seems to be catering to the corporate world. I doubt any individual home user would be compelled to install their codecs.
Warning about the RPM Fusion repository: it is full of proprietary software!
Only if you enable the non-free repository. I'm not sure why Fedora doesn't include plugins for common multimedia playback like Trisquel does.
You're right, though, as the repo is there for a reason as opposed to being included in Fedora outright. FSF guidelines on free software also prohibit endorsing Fedora as a libre free distribution. My guess is it must be the US law. Fedora also has an EULA that forbids exporting or distributing "Fedora software and technical information" to certain countries (Cuba and others). This restriction (guessing again) must have been inherited from Red Hat Enterprise.
https://en.wikipedia.org/wiki/RPM_Fusion
https://www.gnu.org/distros/common-distros.html
https://getfedora.org/en/workstation/download/#
"Export regulations
By downloading Fedora software, you acknowledge that you understand all of the following: Fedora software and technical information may be subject to the U.S. Export Administration Regulations (the “EAR”) and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to any country listed in Country Group E:1 in Supplement No. 1 to part 740 of the EAR (currently, Cuba, Iran, North Korea, Sudan & Syria); (b) to any prohibited destination or to any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (c) for use in connection with the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems. You may not download Fedora software or technical information if you are located in one of these countries or otherwise subject to these restrictions. You may not provide Fedora software or technical information to individuals or entities located in one of these countries or otherwise subject to these restrictions. You are also responsible for compliance with foreign law requirements applicable to the import, export and use of Fedora software and technical information."
I'm not sure why Fedora doesn't include plugins for common multimedia playback like Trisquel does."
Probably to minimize patent risk.
Fedora is based in the US while Trisquel in Spain?
Yes... although quidam, Trisquel's leader and main developer, migrated to the US to work at the FSF.
Fedora is sponsored by Red Hat, a multinational corporation headquartered in Raleigh, North Carolina, USA. Official Trisquel policy seems to be: Ignore patents entirely. Can't necessarily blame others for wanting to draw the line in a different place though. And you can't escape patent problems entirely because the whole system (at least in the US) is soooooooooooooooooo broken. But there is some low-hanging fruit that is very easy to chop off. Multimedia codecs is one such thing.
Debian Jessie plays multimedia just fine from a live DVD. Well, Totem has a Gstreamer bug and one must remove gstreamer1.0-vaapi first. I'm on Debian and I've not added any multimedia enabling repos or installed additional codecs.
https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/1373978
name at domain, Mar 19 Abr 2016 04:49:50 CEST:
> Official Trisquel policy seems to be: Ignore patents entirely.
Microsoft has claimed for years to have 200+ software patents
covering tasks performed by the Linux kernel, and that is their legal
basis for successfully charging money to pretty much every Android
device sold in the US. But remember, it is different with GNU/Linux.
GNU/Linux is well known for having a patents shield of thousands of
patents, supplied by Novell, IBM, Red Hat and many other companies.
It is worth noting also that software patents are ilegal in
Europe, bit I don't think that Trisquel relies on that - even tough it
is a distribución of european original, Trisquel is intended for the
entire world, including the US. Otherwise Trisquel wouldn't be
distributed in the FSF membership cards which are sent from the US.
------------------------------------------------------------------------
Ignacio Agulló · name at domain
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
FSF guidelines on free software also prohibit endorsing Fedora as a libre free distribution. My guess is it must be the US law.
https://www.gnu.org/distros/common-distros.html explains why the FSF does not endorse Fedora:
Fedora does have a clear policy about what can be included in the distribution, and it seems to be followed carefully. The policy requires that most software and all fonts be available under a free license, but makes an exception for certain kinds of nonfree firmware. Unfortunately, the decision to allow that firmware in the policy keeps Fedora from meeting the free system distribution guidelines.
That line was misplaced, it refers to the first line but the line in-between makes it ambiguous, sorry for that. I wanted to say that the repos are in RPM Fusion, not in the distribution itself ('because the law'). I read the FSF endorsement policy (firmware) before I posted and provided a link to it in my post. I made edits and the order got ass backwards.
Corrected here (can't edit my post as it has replies):
You're right, though, as the repo is there for a reason as opposed to being included in Fedora outright. My guess is it must be the US law. FSF guidelines on free software also prohibit endorsing Fedora as a libre free distribution.
Moreover, it's inconsistent on FSF's part as they don't make any reference to Fedora having non-free repos enabled easily -- like Debian. They seem to think that Debian's non-free repos are somehow more integrated into the system than they are in Fedora.
"Debian also provides a repository of nonfree software. According to the project, this software is “not part of the Debian system,” but the repository is hosted on many of the project's main servers, and people can readily find these nonfree packages by browsing Debian's online package database and its wiki.
There is also a “contrib” repository; its packages are free, but some of them exist to load separately distributed proprietary programs. This too is not thoroughly separated from the main Debian distribution."
"Moreover, it's inconsistent on FSF's part as they don't make any reference to Fedora having non-free repos enabled easily -- like Debian. They seem to think that Debian's non-free repos are somehow more integrated into the system than they are in Fedora."
(Sorry, an earlier version of this message was lost when I somehow accidentally activated the browser's Back button. Now I have to re-write this and it won't be as good.)
On the contrary: The setups are quite different. RPM Fusion is under a different domain name, on different servers, maintained by different people, and not referred to in the Fedora documentation. It seems that the FSF considers that to be sufficiently different that it's no different than if some random person on the internet, with no connection to the Fedora project, were to distribute non-free software. With the connection broken, it seems they find it unfair to blame the Fedora Project itself.
In comparison, Debian's non-free exists within the debian.org domain name, on Debian servers, maintained by Debian Developers while wearing their official Debian hats, and referred to in the Debian documentation. So I forgive the FSF for not buying into the Debian Project's excuse that "Oh no - that's not mine" when other packages meeting that same criteria -- say GNOME -- that are "within the debian.org domain name, on Debian servers, maintained by Debian Developers while wearing the official Debian hats, and referred to in the Debian documentation" is officially part of Debian. It seems the FSF sees right through this too.
Perhaps if the separation were made clearer -- more like RPM Fusion -- things would change.
"...having non-free repos enabled easily..."
It's not about how "easy" or "hard" it is to install non-free software. If you review the FSF's criteria for endorsing a distro at http://www.gnu.org/distros/free-system-distribution-guidelines.html they make no requirement that a distro work to frustrate someone's efforts to install non-free stuff. The only requirement is that the Project not distribute it or steer people to it. (The Debian Project goes against both of those things by both distributing it and steering people to it via the documentation.)
And this matches another one of their documents. To quote from "Avoiding Ruinous Compromises" at http://www.gnu.org/philosophy/compromise.en.html:
"The issue here is not whether people should be 'able' or 'allowed' to install nonfree software; a general-purpose system enables and allows users to do whatever they wish."
"The issue is whether we guide users towards nonfree software. What they do on their own is their responsibility; what we do for them, and what we direct them towards, is ours. We must not direct the users towards proprietary software as if it were a solution, because proprietary software is the problem."
Given the different setups it seems that the FSF considers the Debian Project to do more 'directing' (since it's in their documentation and distributed by the project) than Fedora does.
"It's not about how "easy" or "hard" it is to install non-free software."
I was under the illusion that Trisquel deliberately makes it harder to install non-free firmware. It won't accept wi-fi blobs, for instance. About third-party repos I'm not sure. I guess non-free repos are easily added if one so wishes.
"I was under the illusion that Trisquel deliberately makes it harder to install non-free firmware."
Nope. That is a bug in Linux-libre that Trisquel inherited from using the Linux-libre deblob scripts. You see, when the non-free firmware isn't there and the kernel tries to use it, the name of the firmware file gets logged along with a "file not found" error message. Alexandre Oliva, the maintainer of Linux-libre, sees that as people's computers telling them to go install some file because it's missing and thinks that this falls into the category of "steering" people toward it.
So he found a way to avoid that problem by munging the file name so that it isn't logged anymore. A side effect of that is the kernel won't load the file, even if it's there, because the file name the kernel is wanting doesn't match the name of the firmware that's installed.
It's entirely a side effect of trying to avoid steering people to non-free things. Ideally a different method could be found. There's even an incomplete patch on the Linux-libre mailing list to enable firmware loading without steering people to it but it seems a low priority, especially since someone that really wants to could un-munge the file names, re-build the kernel with that change, and continue on with it happily loading the firmware.
That's interesting. Thanks for the clarification.
The future may be murky for libdvdcss and DVD (let alone BR) playback on GNU/Linux.
https://forums.opensuse.org/showthread.php/501117-Playing-copy-protected-DVDs-in-SuSE-13-1
Some recent DVDs use an improved digital restrictions management scheme that libdvdcss is unable to crack, thus rendering the DVDs inaccessible under a free operating system. I bet Fluendo is counting on this with their business model.
Then again, who buys DVDs anymore? The optical disc format could just be dead as it is.
Perhaps we should be more concerned with this.
https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
HDCP is broken: https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection#Master_key_release
I don't know what problem that person was having but it's not related to some form of new DRM on DVDs. The encryption on DVDs can never be changed. If it were the millions of DVD players still out there in the world would be rendered incompatible because, unlike Blu-Ray players, they cannot be field upgraded. Thanks to this we can say that the DRM on DVDs is permanently and irrevocably broken.
I understand that work on Blu-Ray continues. There has been some success but also much still needs doing.
"Then again, who buys DVDs anymore? The optical disc format could just be dead as it is."
Don't count it out yet: Since the DRM is permanently broken it's a way to get DRM-free movies. :)
As of late, some DVDs can't be ripped. Handbrake can't find the source. They have introduced garbage in the file system that is ignored when playing but when ripping bit by bit they cause trouble. They are non-standard fake tracks designed to obfuscate. That is my understanding. A DVD that can't be transferred to other devices is useless.
That's easy: Check out which title is the real one by playing it in VLC or some such other program. Follow through the DVD menus to play it. Then go up to VLC's Playback menu and look at which title is playing. Instruct the ripping program to use that title. Ta Da. :)
So it is only a stupid annoyance and doesn't qualify as an "improved digital restrictions management scheme that libdvdcss is unable to crack, thus rendering the DVDs inaccessible under a free operating system" as you initially described, so I stand by my original statement. :)
While playing a movie on Fedora live I got this security alert. I guess it's probably unrelated, but is it possible that CodeMeter running in the background could be to blame?
SELinux is preventing abrt-hook-ccpp from getattr access on the file file.
***** Plugin catchall_labels (83.8 confidence) suggests *******************
If you want to allow abrt-hook-ccpp to have getattr access on the file file
Then you need to change the label on file
Do
# semanage fcontext -a -t FILE_TYPE 'file'
where FILE_TYPE is one of the following: NetworkManager_log_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_helper_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_lib_t, abrt_var_log_t, abrt_var_run_t, acct_data_t, admin_crontab_tmp_t, admin_home_t, afs_logfile_t, aide_log_t, alsa_tmp_t, amanda_log_t, amanda_tmp_t, anon_inodefs_t, antivirus_log_t, antivirus_tmp_t, apcupsd_log_t, apcupsd_tmp_t, apmd_log_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_log_t, asterisk_tmp_t, auditadm_sudo_tmp_t, auth_cache_t, automount_tmp_t, awstats_tmp_t, bacula_log_t, bacula_tmp_t, bin_t, bitlbee_log_t, bitlbee_tmp_t, blueman_tmp_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_log_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_tmp_t, bugzilla_tmp_t, calamaris_log_t, callweaver_log_t, canna_log_t, cardmgr_dev_t, ccs_tmp_t, ccs_var_lib_t, ccs_var_log_t, cdcc_tmp_t, certmaster_var_log_t, cfengine_log_t, cgred_log_t, checkpc_log_t, chrome_sandbox_tmp_t, chronyd_var_log_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_log_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cloud_log_t, cluster_tmp_t, cluster_var_log_t, cobbler_tmp_t, cobbler_var_log_t, cockpit_tmp_t, collectd_script_tmp_t, colord_tmp_t, comsat_tmp_t, condor_log_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_log_t, conman_tmp_t, consolekit_log_t, couchdb_log_t, couchdb_tmp_t, cpu_online_t, crack_tmp_t, cron_log_t, crond_tmp_t, crontab_tmp_t, ctdbd_log_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_log_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_tmp_t, cyphesis_log_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dcc_client_tmp_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_log_t, ddclient_tmp_t, debugfs_t, deltacloudd_log_t, deltacloudd_tmp_t, denyhosts_var_log_t, devicekit_tmp_t, devicekit_var_log_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_snmp_var_log_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrvadmin_tmp_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dlm_controld_var_log_t, dnsmasq_var_log_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, dovecot_var_log_t, drbd_tmp_t, dspam_log_t, etc_runtime_t, etc_t, evtchnd_var_log_t, exim_log_t, exim_tmp_t, fail2ban_log_t, fail2ban_tmp_t, faillog_t, fenced_tmp_t, fenced_var_log_t, fetchmail_log_t, fingerd_log_t, firewalld_tmp_t, firewalld_var_log_t, firewallgui_tmp_t, foghorn_var_log_t, fonts_cache_t, fonts_t, fsadm_log_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_tmp_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gear_log_t, geoclue_tmp_t, getty_log_t, getty_tmp_t, gfs_controld_var_log_t, git_script_tmp_t, gkeyringd_tmp_t, glance_log_t, glance_registry_tmp_t, glance_tmp_t, glusterd_log_t, glusterd_tmp_t, gpg_agent_tmp_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, groupd_var_log_t, gssd_tmp_t, haproxy_var_log_t, hsqldb_tmp_t, httpd_log_t, httpd_php_tmp_t, httpd_suexec_tmp_t, httpd_tmp_t, icecast_log_t, inetd_child_tmp_t, inetd_log_t, inetd_tmp_t, init_tmp_t, init_var_lib_t, initrc_tmp_t, initrc_var_log_t, innd_log_t, ipsec_log_t, ipsec_tmp_t, iptables_tmp_t, iscsi_log_t, iscsi_tmp_t, iwhd_log_t, jetty_log_t, jetty_tmp_t, jockey_var_log_t, kadmind_log_t, kadmind_tmp_t, kdumpctl_tmp_t, kdumpgui_tmp_t, keystone_log_t, keystone_tmp_t, kismet_log_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, krb5_host_rcache_t, krb5kdc_log_t, krb5kdc_tmp_t, ksmtuned_log_t, ktalkd_log_t, ktalkd_tmp_t, l2tpd_tmp_t, lastlog_t, ld_so_cache_t, ld_so_t, ldconfig_tmp_t, lib_t, livecd_tmp_t, locale_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_tmp_t, lvm_tmp_t, machineid_t, mail_munin_plugin_tmp_t, mailman_cgi_tmp_t, mailman_log_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man_cache_t, man_t, mandb_cache_t, mcelog_log_t, mdadm_log_t, mdadm_tmp_t, mediawiki_tmp_t, minidlna_log_t, mirrormanager_log_t, mock_tmp_t, mojomojo_tmp_t, mongod_log_t, mongod_tmp_t, motion_log_t, mount_tmp_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_log_t, mpd_tmp_t, mplayer_tmpfs_t, mrtg_log_t, mscan_tmp_t, munin_log_t, munin_script_tmp_t, munin_tmp_t, mysqld_log_t, mysqld_tmp_t, mythtv_var_log_t, naemon_log_t, nagios_eventhandler_plugin_tmp_t, nagios_log_t, nagios_openshift_plugin_tmp_t, nagios_system_plugin_tmp_t, nagios_tmp_t, named_log_t, named_tmp_t, netutils_tmp_t, neutron_log_t, neutron_tmp_t, nova_log_t, nova_tmp_t, nscd_log_t, ntop_tmp_t, ntpd_log_t, ntpd_tmp_t, numad_var_log_t, nut_upsd_tmp_t, nut_upsdrvctl_tmp_t, nut_upsmon_tmp_t, nx_server_tmp_t, openshift_cgroup_read_tmp_t, openshift_cron_tmp_t, openshift_initrc_tmp_t, openshift_log_t, openshift_tmp_t, opensm_log_t, openvpn_status_t, openvpn_tmp_t, openvpn_var_log_t, openvswitch_log_t, openvswitch_tmp_t, openwsman_log_t, openwsman_tmp_t, osad_log_t, pam_timestamp_tmp_t, passenger_log_t, passenger_tmp_t, passwd_file_t, pcp_log_t, pcp_tmp_t, pegasus_openlmi_storage_tmp_t, pegasus_tmp_t, piranha_log_t, piranha_web_tmp_t, pkcs_slotd_tmp_t, pki_ra_log_t, pki_tomcat_log_t, pki_tomcat_tmp_t, pki_tps_log_t, plymouthd_var_log_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_tmp_t, polipo_log_t, portmap_tmp_t, postfix_bounce_tmp_t, postfix_cleanup_tmp_t, postfix_local_tmp_t, postfix_map_tmp_t, postfix_pickup_tmp_t, postfix_pipe_tmp_t, postfix_postdrop_t, postfix_qmgr_tmp_t, postfix_smtp_tmp_t, postfix_smtpd_tmp_t, postfix_virtual_tmp_t, postgresql_log_t, postgresql_tmp_t, pppd_log_t, pppd_tmp_t, pptp_log_t, prelink_exec_t, prelink_log_t, prelink_tmp_t, prelude_lml_tmp_t, prelude_log_t, privoxy_log_t, proc_t, procmail_log_t, procmail_tmp_t, prosody_log_t, prosody_tmp_t, psad_tmp_t, psad_var_log_t, pulseaudio_tmpfs_t, puppet_log_t, puppet_tmp_t, puppetmaster_tmp_t, pyicqt_log_t, qdiskd_var_log_t, qpidd_tmp_t, rabbitmq_var_log_t, racoon_tmp_t, radiusd_log_t, realmd_tmp_t, redis_log_t, rhev_agentd_log_t, rhev_agentd_tmp_t, rhsmcertd_log_t, rhsmcertd_tmp_t, ricci_modcluster_var_log_t, ricci_tmp_t, ricci_var_log_t, rkhunter_var_lib_t, rlogind_tmp_t, rolekit_tmp_t, rpcbind_tmp_t, rpm_log_t, rpm_script_tmp_t, rpm_tmp_t, rsync_log_t, rsync_tmp_t, rtas_errd_log_t, rtas_errd_tmp_t, samba_log_t, samba_net_tmp_t, sanlock_log_t, sblim_tmp_t, secadm_sudo_tmp_t, sectool_tmp_t, sectool_var_log_t, selinux_munin_plugin_tmp_t, semanage_tmp_t, sendmail_log_t, sendmail_tmp_t, sensord_log_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setroubleshoot_tmp_t, setroubleshoot_var_log_t, sge_tmp_t, shell_exec_t, shorewall_log_t, shorewall_tmp_t, slapd_log_t, slapd_tmp_t, slpd_log_t, smbd_tmp_t, smoltclient_tmp_t, smsd_log_t, smsd_tmp_t, snapperd_log_t, snmpd_log_t, snort_log_t, snort_tmp_t, sosreport_tmp_t, soundd_tmp_t, spamc_tmp_t, spamd_log_t, spamd_tmp_t, speech-dispatcher_log_t, speech-dispatcher_tmp_t, squid_log_t, squid_tmp_t, squirrelmail_spool_t, src_t, ssh_agent_tmp_t, ssh_keygen_tmp_t, ssh_tmpfs_t, sssd_var_log_t, staff_sudo_tmp_t, stapserver_log_t, stapserver_tmp_t, stunnel_tmp_t, svirt_tmp_t, svnserve_tmp_t, swat_tmp_t, swift_tmp_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, syslogd_tmp_t, syslogd_var_run_t, sysstat_log_t, system_conf_t, system_cronjob_tmp_t, system_db_t, system_dbusd_tmp_t, system_mail_tmp_t, system_munin_plugin_tmp_t, tcpd_tmp_t, telepathy_gabble_tmp_t, telepathy_idle_tmp_t, telepathy_logger_tmp_t, telepathy_mission_control_tmp_t, telepathy_msn_tmp_t, telepathy_salut_tmp_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_tmp_t, telnetd_tmp_t, tetex_data_t, textrel_shlib_t, tgtd_tmp_t, thin_aeolus_configserver_log_t, thin_log_t, thumb_tmp_t, tmp_t, tomcat_log_t, tomcat_tmp_t, tor_var_log_t, tuned_log_t, tuned_tmp_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_tmp_t, ulogd_var_log_t, uml_tmp_t, uml_tmpfs_t, unconfined_munin_plugin_tmp_t, update_modules_tmp_t, user_cron_spool_t, user_fonts_t, user_home_t, user_mail_tmp_t, user_tmp_t, usr_t, uucpd_log_t, uucpd_tmp_t, var_log_t, var_spool_t, varnishd_tmp_t, varnishlog_log_t, vdagent_log_t, virt_log_t, virt_qemu_ga_log_t, virt_qemu_ga_tmp_t, virt_tmp_t, vmtools_tmp_t, vmware_host_tmp_t, vmware_log_t, vmware_tmp_t, vmware_tmpfs_t, vpnc_tmp_t, w3c_validator_tmp_t, watchdog_log_t, webadm_tmp_t, webalizer_tmp_t, winbind_log_t, wireshark_tmp_t, wireshark_tmpfs_t, wtmp_t, xauth_tmp_t, xdm_log_t, xend_tmp_t, xend_var_log_t, xenstored_tmp_t, xenstored_var_log_t, xferlog_t, xserver_log_t, xserver_tmpfs_t, ypbind_tmp_t, ypserv_tmp_t, zabbix_log_t, zabbix_tmp_t, zarafa_deliver_log_t, zarafa_deliver_tmp_t, zarafa_gateway_log_t, zarafa_ical_log_t, zarafa_indexer_log_t, zarafa_indexer_tmp_t, zarafa_monitor_log_t, zarafa_server_log_t, zarafa_server_tmp_t, zarafa_spooler_log_t, zarafa_var_lib_t, zebra_log_t, zebra_tmp_t, zoneminder_log_t.
Then execute:
restorecon -v 'file'
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that abrt-hook-ccpp should be allowed getattr access on the file file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-hook-ccpp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:abrt_dump_oops_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects file [ file ]
Source abrt-hook-ccpp
Source Path abrt-hook-ccpp
Port
Host localhost
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-152.fc23.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost
Platform Linux localhost 4.2.3-300.fc23.x86_64 #1 SMP Mon
Oct 5 15:42:54 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2016-04-19 06:22:28 EDT
Last Seen 2016-04-19 06:22:28 EDT
Local ID cef55d4d-478c-4d33-8826-2b50412b7b0b
Raw Audit Messages
type=AVC msg=audit(1461061348.290:635): avc: denied { getattr } for pid=3494 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Hash: abrt-hook-ccpp,abrt_dump_oops_t,unlabeled_t,file,getattr
Questions about Fedora are probably best directed to the Fedora Project's existing support resources. :)
I'm on Debian. It's not a real issue I'm concerned about, just meddling with it out of general curiosity and recording for posteriority as there's hardly any hits about Fluendo's practices in the hope that a casual googler will find this before buying into the concept of patented codecs or DRM encumbered media players. I'm not endorsing or planning to use Fedora or Fluendo's stuff nor did I expect anybody to help on Fedora related issues raised here. Furthermore, the point was not to find a solution to Fluendo's issues but to manifest these issues. So I'll leave it at that and let everybody ignore the almost rhetoric question I made. Thanks for any interest or advice shown in this thread.