FC5: Problem with acroread and CISCO VPN
Paul Howarth
paul at city-fan.org
Thu Apr 27 07:50:21 UTC 2006
On Thu, 2006-04-27 at 08:58 +0200, Stephan Groß wrote:
> On Thursday 27 April 2006 07:39, Klaus Steinberger wrote:
>
> Hi,
>
> > in Fedora Core 5 selinux blocks execution of the CISCO vpnclient, as well
> > as acroread:
> >
> > [klaus.steinberger at noname ~]$ acroread
> > /usr/lib/acroread/Reader/intellinux/bin/acroread: error while loading
> > shared libraries: /usr/lib/acroread/Reader/intellinux/lib/libJP2K.so:
> > cannot restore segment prot after reloc: Permission denied
> > [klaus.steinberger at noname ~]$
>
> after some googling I found following advice that worked for me to enable
> acroread again:
>
> 1. Start "System" > "Administration" > "Security Level and Firewall"
> 2. On the "SELinux" tab click on "Modify SELinux Policy > Compatibility"
> 3. Tick the check box next to "Allow the use of shared libraries with Text
> Relocation".
A better fix is to label the acroread files correctly, which only
"opens" the protection for acroread and not every process on the system:
I believe you need:
# chcon -t textrel_shlib_t \
/usr/lib/acroread/Reader/intellinux/lib/*.so \
/usr/lib/acroread/Reader/intellinux/SPPlugins/*.apl \
/usr/lib/acroread/Reader/intellinux/plug_ins/*.api
Paul.
More information about the fedora-selinux-list
mailing list