Bug 177097
Summary: | Wine fails to execute any windows programs | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Hans de Goede <hdegoede> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | andreas.bierfert |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 2.1.13-1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-03-21 01:43:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Hans de Goede
2006-01-06 10:34:43 UTC
Try turning on allow_execmod boolean setsebool -P allow_execmod=1 That works, which is strange because inspired by a bugzilla query I did: for i in `rpm -ql wine|grep /bin`; do chcon -t java_exec_t $i; done And java needs allow_execmod too right? Anyways yes that works. No it allows execmem. We need a better solution for wine, but this works for now. Erm, if we need a better solution then how is this not a bug? Also since wine is in extras now (see bug 171526), this is a real problem since the targeted policy is enabled by default now a days and one would expect wine from FE to work out of the box. Reopening. Actually if you want to run execmod applications in your homedir you need to set allow_execmod. If you want the exe labeled correctly they should be installed in /usr/lib/wine directory as a .s0 file. They you could restorecon -R /usr/lib/wine To set them up correctly. If they do not work labeled as .so I could add a file_context match on \*.exe Daniel Walsh wrote:
> Actually if you want to run execmod applications in your homedir you need to
set allow_execmod.
What I want is a wine which works out of the box with the targeted policy. Isn't
it possible to create a type for the wine binaries so that they are allowed todo
execmod on any file? Just like java is given a type which allows it to always do
execmem.
Yes. Do you know if wine needs execmem? Well it works with the default targeted policy after doing the "setsebool -P allow_execmod=1" so I guess it doesn't need execmem. Where are we on this one? Anything new or anything I should test/check? Latest policy should be working. selinux-policy-targeted-2.1.13-1 |