[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELINUX UPDATE PROBLEMS



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Boris Glawe wrote:
| Hi,
|
| According to some bugreports and some postings here, there is an issue
| with the latest selinux-policy update.
|
| In my case I cannot run OpenOffice (both 1.1.4 and 1.9.104). I am using
| the version from openoffice.org, installed in /opt. syslog:
|
| Jun 13 11:21:52 mymachine kernel: audit(1118654512.067:0): avc:  denied  {
| execmod } for  pid=6188 comm=soffice.bin
| path=/opt/openoffice.org1.9.104/program/libicudata.so.26.0.1 dev=hda6
| ino=54865
| scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:usr_t
| tclass=file
|
|
| Jun 13 11:22:53 mymachine kernel: audit(1118654573.135:0): avc:  denied  {
| execmod } for  pid=6215 comm=soffice.bin
| path=/opt/OpenOffice.org/program/libicudata.so.22.0 dev=hda6 ino=51385
| scontext=user_u:system_r:unconfined_t tcontext=root:object_r:usr_t
| tclass=file
|
|
| In addition I cannot load my self written shared libraries in my
| homedirectory:
|
| # ./testprog
| ./testprog: error while loading shared libraries:
| /home/user/workspace/prog/libprog.so: cannot restore segment prot after
| reloc: Permission denied
|
| syslog:
|
| Jun 13 11:17:03 mymachine kernel: audit(1118654223.196:0): avc:  denied  {
| execmod } for  pid=6155 comm=testprog
| path=/home/user/workspace/prog/libprog.so
| dev=hda5 ino=1458690 scontext=user_u:system_r:unconfined_t
| tcontext=user_u:object_r:user_home_t tclass=file
|
| And last but not least, the flashplayer causes thousands of messages of
| the from
|
| Jun 13 11:13:59 mymachine kernel: audit(1118654039.474:0): avc:  denied  {
| execmod } for  pid=4663 comm=firefox-bin
| path=/home/user/.mozilla/plugins/libflashplayer.so dev=hda5 ino=1409670
| scontext=user_u:system_r:unconfined_t
| tcontext=system_u:object_r:user_home_t
| tclass=file
|
|
|
| Users that do also have problems:
|
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160363
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160331
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160238
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160147
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160106
|
| Is this new behaviour a feature or a bug? I am wondering, why fedora
| switched from a working to a non-working selinux configuration without
| fixing it immediately.
|
| greets Boris
|
Without question, this is a flaw in the newest implementation of selinux policy.
More importantly, though, this problem should be discussed on the selinux
mailing list simply because new policy should not break the functionality of
core apps and imho previously installed rpm apps. SE Linux is NOT a detective
security.

Craig

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCr61R6XcoldzZ4rgRAvYMAJwKJZ2GJyDOLj54kyKgAMRqD5ZvWACeLX3t
W0PP1zkjYZEa78i95nNZocE=
=a4OC
-----END PGP SIGNATURE-----
begin:vcard
fn:Craig Sherwood
n:Sherwood;Craig
email;internet:cs007lj wowway com
note;quoted-printable:Public key for 0xE9772895DCD9E2B8=0D=0A=
	-----BEGIN PGP PUBLIC KEY BLOCK-----=0D=0A=
	Version: GnuPG v1.2.6 (GNU/Linux)=0D=0A=
	=0D=0A=
	mQGiBECyQJQRBACLIa2u3u3/F8Pm+g5QD4K8eCgIC6RX1oXmtI9ALe9NhbNDZrcy=0D=0A=
	hYhInCwCifi1zhxZZ/Xu4zyavk8n96USoXylfVg2hAM/P3qLarbqMDvfVPyjtUFd=0D=0A=
	8lg+NV4SgJ1F0jtqebrXu76AjCIBmLybQ1BYMTWDxB4xSW8lYlJT9+/QDwCg3f0z=0D=0A=
	9knFKiyZbzp4gpJvl4wH8lMD/0iB5t4VQr0jkQ1R1nVFx8sL9DwDogJZ0SJHnHrq=0D=0A=
	fiBb+rx4lCLyz00VHlxxNSFsYRnpmefqC4ywfFnyQ9WpVxt3sqJ18ncxW04X3+cc=0D=0A=
	DHLwqLdW2IKjT9CY4buDqyV8dcOdvYbHR1qQ1dcecYq9fyGHlHYCOr2X5frAmRF4=0D=0A=
	RcoRA/4oBXGKFhf2Q5ptguLHOce/2pzt2qoEL37IbSEATd2sjYE+HsDANzk+WXo9=0D=0A=
	j4Cwwepio9JOJ1kQXeVo7D07HIIZyJuk/RAIh1ztQALk0sFFj2SPiurcRpze4gH0=0D=0A=
	sn//CwlzY0swWaEoV0Jd/hALDvJvRQ+WZ+SVfJ5vfFKlGCowfrQxQ3JhaWcgU2hl=0D=0A=
	cndvb2QgKFByaW1hcnkgS2V5KSA8Y3MwMDdsakB3b3d3YXkuY29tPoheBBMRAgAe=0D=0A=
	BQJAskCUAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEOl3KJXc2eK43coAoIC+=0D=0A=
	wnag2QF02yUMshL5jI4jyywbAJ4yDt9aacCfwTVPNXkkoU9kamjwZbkCDQRAskCp=0D=0A=
	EAgA8PmuinHlAukukL99OvbZ+eQusvrPACuvOxgNr8seDiJ1OTI5XfrUjgbJHNV2=0D=0A=
	K6x69vyui3j3BIKjyo1nq/AY6qrl4R39XuDylnvLr/I7P2tuUHDjy831E+S0suCz=0D=0A=
	bEhRPxv42BnLkZP0ZdQteQn/bvDAHDJ0hMl21lau4PqU/sjQ7/yTGTUVGQhRQD1p=0D=0A=
	8RLbcnSsNbVrQvymBOLfzAC/jZn3EQ4pEm2qMrNXM4IRpcDrrOpkoMYyuBs4JkJ6=0D=0A=
	0jpZ9SVabCZU3ceGGs8JrB4Sdm9omHKeIrBzCs5QnyYVVCY//bJTAp7inLYYRj6g=0D=0A=
	MmmLY4v35UXiCNmYfDYtYvLPFwAEDQgAz1aOHCkni2Vc62DIJJiYy9dQ+ZNxJH4y=0D=0A=
	QBVAJ69HFLHwTfDpyIHCedKwQnTc/wFYghtypXCJkyBE1AsQispArtux2gXADc9C=0D=0A=
	y6MR3pdOfCBNPf9152oNTYwaPFzUIm/OJfhyxT1gHRuGjb2F697YnlVEP5SKA7E5=0D=0A=
	FeaZcg+d9FtBH/BUYpXzWvvE4mh3mfDJ/qwRJpK4qjhZncNSoiT7ZjX8LaNtvkK6=0D=0A=
	aYQczNYV36pPGAe2GZ3MNWxtOYjLZJvmUw76ARPZn7Rt1jYdbXZJ3C0H+0BPEg+e=0D=0A=
	1MsA3z3xO7Y+20fQLBqQC+sUyQWzURv+sme3go7A4/XnfP35OzCnAohJBBgRAgAJ=0D=0A=
	BQJAskCpAhsMAAoJEOl3KJXc2eK4WTQAnRX+0D+aIUSLYQ18xtqKUPQQQyphAJ0Z=0D=0A=
	WmPi4ubVkt7NDFm0rIVJza2IRQ=3D=3D=0D=0A=
	=3DNGxD=0D=0A=
	-----END PGP PUBLIC KEY BLOCK-----
version:2.1
end:vcard


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]