OpenOffice.org 1.9.100
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri May 13 08:46:03 UTC 2005
On Fri, 13 May 2005 09:25:50 +0200, Aurelien Bompard said:
> Hi,
>
> Just so that you know, the OpenOffice 1.9.100 rpms from www.openoffice.org
> won't run on FC3 because of SELinux:
> audit(1115968252.998:0): avc: denied { execmod } for pid=9833
> comm=soffice.bin
> path=/opt/openoffice.org1.9.100/program/libicudata.so.26.0.1 dev=sda2
> ino=308509 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:usr_t tclass=file
This of course fails in the same basic manner under 'strict', except it's no
longer an unconfined_t....
> What should we tell the upstream rpm maintainters so that their packages
> work on FC3 ? The packages used to work in an earlier version (1.9.73 I
> think). It's also possible that a policy update caused it, I'm not sure, I
> didn't use them very often.
>
> Is there something we can do to fix it, or is it only in the hands of the
> upstream maintainers ?
What you can do short-term:
If you have selinux-policy-<foo>-sources installed, you can try this:
cat << EOF >> /etc/selinux/strict/src/policy/file_contexts/misc/local.fc
# Places the OpenOffice stuff puts stuff
/usr/local/OpenOffice.org1.1.4/program/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/openoffice.org[^/]*/program/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/openoffice.org[^/]*/program/soffice.bin -- system_u:object_r:bin_t
EOF
That seemed to shut the vast majority of the whinging when I tried it
with strict/permissive. You might have to tag something with texrel_shlib_t
as well. I don't think there's any new policy needed, just file contexts
to get the *.so's as shlib_t and the binaries as bin_t
(it's 4:37AM and one of my cats just finished dropping a litter of kittens
under my bed about a half hour, so you'll have to flush out the rest of the
answer for yourself :)
Long-term answer: when Fedora ships their official openofficeorg-*-2.0 RPMs,
we'll make sure The Right Thing happens.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050513/b61a15f6/attachment.sig>
More information about the fedora-selinux-list
mailing list