SELINUX UPDATE PROBLEMS
Boris Glawe
boris at boris-glawe.de
Tue Jun 14 20:34:40 UTC 2005
Hi,
According to some bugreports and some postings here, there is an issue
with the latest selinux-policy update.
In my case I cannot run OpenOffice (both 1.1.4 and 1.9.104). I am using
the version from openoffice.org, installed in /opt. syslog:
Jun 13 11:21:52 mymachine kernel: audit(1118654512.067:0): avc: denied {
execmod } for pid=6188 comm=soffice.bin
path=/opt/openoffice.org1.9.104/program/libicudata.so.26.0.1 dev=hda6 ino=54865
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:usr_t tclass=file
Jun 13 11:22:53 mymachine kernel: audit(1118654573.135:0): avc: denied {
execmod } for pid=6215 comm=soffice.bin
path=/opt/OpenOffice.org/program/libicudata.so.22.0 dev=hda6 ino=51385
scontext=user_u:system_r:unconfined_t tcontext=root:object_r:usr_t tclass=file
In addition I cannot load my self written shared libraries in my
homedirectory:
# ./testprog
./testprog: error while loading shared libraries:
/home/user/workspace/prog/libprog.so: cannot restore segment prot after
reloc: Permission denied
syslog:
Jun 13 11:17:03 mymachine kernel: audit(1118654223.196:0): avc: denied {
execmod } for pid=6155 comm=testprog path=/home/user/workspace/prog/libprog.so
dev=hda5 ino=1458690 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:user_home_t tclass=file
And last but not least, the flashplayer causes thousands of messages of the from
Jun 13 11:13:59 mymachine kernel: audit(1118654039.474:0): avc: denied {
execmod } for pid=4663 comm=firefox-bin
path=/home/user/.mozilla/plugins/libflashplayer.so dev=hda5 ino=1409670
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:user_home_t
tclass=file
Users that do also have problems:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160363
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160331
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160238
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160147
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160106
Is this new behaviour a feature or a bug? I am wondering, why fedora
switched from a working to a non-working selinux configuration without
fixing it immediately.
greets Boris
More information about the fedora-list
mailing list