Fedora Core 3 Test Update: selinux-policy-targeted-1.17.30-3.15
Ian Pilcher
i.pilcher at comcast.net
Tue Jun 28 16:27:10 UTC 2005
Ian Pilcher wrote:
> Acrobat Reader 7 (non-RPM install) is still broken:
>
> Jun 27 18:04:00 home kernel: audit(1119913440.472:0): avc: denied {
> execmod } for pid=5877 comm=acroread
> path=/opt/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
> dev=md1 ino=578545 scontext=user_u:system_r:unconfined_t
> tcontext=root:object_r:usr_t tclass=file
> Jun 27 18:04:00 home kernel: audit(1119913440.495:0): avc: denied {
> execmod } for pid=5877 comm=acroread
> path=/opt/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl
> dev=md1 ino=578612 scontext=user_u:system_r:unconfined_t
> tcontext=root:object_r:usr_t tclass=file
>
OK, I've got Acrobat Reader 7 working with this policy. It turns out
that it includes a number of shared library files with names that don't
end in .so. The following got it working for me:
cd /opt/Adobe/Acrobat7.0/Reader/intellinux
chcon -t shlib_t SPPlugins/ADMPlugin.apl plug_ins/*.api
restorecon did not recognize that these files were mislabeled. In fact,
it thinks that they should be changed back to usr_t. Presumably, it
should be enhanced to look at things other than file name.
--
========================================================================
Ian Pilcher i.pilcher at comcast.net
========================================================================
More information about the fedora-test-list
mailing list