FC5: Problem with acroread and CISCO VPN
Klaus Steinberger
Klaus.Steinberger at physik.uni-muenchen.de
Thu Apr 27 05:39:27 UTC 2006
Hello,
in Fedora Core 5 selinux blocks execution of the CISCO vpnclient, as well as
acroread:
[klaus.steinberger at noname ~]$ acroread
/usr/lib/acroread/Reader/intellinux/bin/acroread: error while loading shared
libraries: /usr/lib/acroread/Reader/intellinux/lib/libJP2K.so: cannot restore
segment prot after reloc: Permission denied
[klaus.steinberger at noname ~]$
type=AVC msg=audit(1146115808.601:23): avc: denied { execmod } for pid=3366
comm="acroread" name="libJP2K.so" dev=hda2 ino=2680495
scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
type=SYSCALL msg=audit(1146115808.601:23): arch=40000003 syscall=125
success=no exit=-13 a0=2d4000 a1=aa000 a2=5 a3=bfb2dfd0 items=0 pid=3366
auid=10022 uid=10022 gid=100 euid=10022 suid=10022 fsuid=10022 egid=100
sgid=100 fsgid=100 comm="acroread"
exe="/usr/lib/acroread/Reader/intellinux/bin/acroread"
type=AVC_PATH msg=audit(1146115808.601:23):
path="/usr/lib/acroread/Reader/intellinux/lib/libJP2K.so"
[klaus.steinberger at noname ~]$ vpnclient connect lrz
vpnclient: error while loading shared
libraries: /opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot
after reloc: Permission denied
[klaus.steinberger at noname ~]$
type=AVC msg=audit(1146115819.449:24): avc: denied { execmod } for pid=3437
comm="vpnclient" name="libvpnapi.so" dev=hda2 ino=2676482
scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
type=SYSCALL msg=audit(1146115819.449:24): arch=40000003 syscall=125
success=no exit=-13 a0=5ce000 a1=43000 a2=5 a3=bfa87450 items=0 pid=3437
auid=10022 uid=10022 gid=100 euid=10022 suid=10022 fsuid=10022 egid=100
sgid=100 fsgid=100 comm="vpnclient" exe="/opt/cisco-vpnclient/bin/vpnclient"
type=AVC_PATH msg=audit(1146115819.449:24):
path="/opt/cisco-vpnclient/lib/libvpnapi.so"
My system is up2date:
[klaus.steinberger at noname ~]$ rpm -q selinux-policy-targeted
selinux-policy-targeted-2.2.34-3.fc5
[klaus.steinberger at noname ~]$ rpm -q acroread
acroread-7.0.5-2.2
[klaus.steinberger at noname ~]$
I'm currently not to familiar with selinux, so the only workaround I know is
to "setenforce 0".
Sincerly,
Klaus
--
Klaus Steinberger Maier-Leibnitz Labor
Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany
FAX: (+49 89)289 14280 EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE
URL: http://www.physik.uni-muenchen.de/~k2/
In a world without Walls and Fences, who needs Windows and Gates
More information about the fedora-selinux-list
mailing list