Selinux attacks acroread again

Paul Howarth paul at city-fan.org
Thu Apr 13 09:40:34 UTC 2006


Paul Smith wrote:
> On 4/13/06, Gérard Milmeister <gemi at bluewin.ch> wrote:
>>>> After the today's updates, I tried the following to get acroread
>>>> working, but it exits with 1:
>>>>
>>>> # chcon -t texrel_shlib_t
>>>> /usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libJP2K.so
>>>> # chcon -t textrel_shlib_t
>>>> /usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libCoolType.so
>>>>
>>>> Any ideas?
>>> Do others confirm the same problem?
>> Evertime you install a new acroread or relabel the filesystem (
>> which happens when the selinux policy is updated) the context
>> changes a reset to default. To avoid this you must change
>> policy by the following:
>> /usr/sbin/semanage fcontext -a -t textrel_shlib_t
>> '/usr/local/Adobe/Acrobat7.0/Browser/intellinux/.*\.so'
>> /usr/sbin/semanage fcontext -a -t textrel_shlib_t
>> '/usr/local/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/.*\.apl'
>> /usr/sbin/semanage fcontext -a -t textrel_shlib_t
>> '/usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/.*\.api'
>> Then you do:
>> restorecon -R /usr/local/Adobe/Acrobat7.0
>> This should take care of the problem. It is really a FAQ and
>> should be mentioned somewhere on the Fedora Wiki.

Better still, someone should bugzilla it so it gets fixed in policy and 
nobody has the problem any more.

> Thanks, Gérard, but getting:
> 
> # restorecon -R /usr/local/Adobe/Acrobat7.0
> bash: restorecon: command not found
> # /usr/sbin/restorecon -R /usr/local/Adobe/Acrobat7.0
> bash: /usr/sbin/restorecon: No such file or directory
> #

It's in /sbin

Use "su -" rather than "su" and you'll get root's environment, which 
will include having /sbin and /usr/sbin on the PATH.

Paul.




More information about the fedora-list mailing list