1.119.1. RHBA-2010:0559: bug fix update
An updated qffmpeg package that fixes an SELinux incompatibility is now available.
qffmpeg provides video codecs for the Spice remote desktop protocol.
This update addresses the following issue:
* shared libraries at /usr/lib/libqavcodec.so.51 required a text relocation (a reference to an object with a variable address at runtime using an absolute addressing mode). This is a potential security problem and, consequently, when a Spice session attempted to load these libraries an SELinux exception triggered and Spice failed to launch with the following error:
spicec: error while loading shared libraries: /usr/lib/libqavcodec.so.51:
cannot restore segment prot after reloc: Permission denied
This update corrects the affected qffmpeg assembly: text relocation is no longer required and the exception is no longer triggered. ( BZ#576564)
Note: a workaround existed. The file context and default file context of "/usr/lib/libqavcodec.so.51.71.0" could be changed as follows to allow the library to load:
chcon -t textrel_shlib_t '/usr/lib/libqavcodec.so.51.71.0'
semanage fcontext -a -t textrel_shlib_t '/usr/lib/libqavcodec.so.51.71.0'
This workaround is no longer necessary. If the workaround was used prior to this update's release, undoing these changes is recommended.
All Spice users should install this updated package which fixes this bug.