Bug 178624

Summary: JVM and SELinux configuration (FC5 relnotes)
Product: [Fedora] Fedora Documentation
Reporter: David Bentley <david.r.bentley>
Component: release-notes
Assignee: Anthony Green <green>
Status: CLOSED NOTABUG
QA Contact: Karsten Wade <kwade>
Severity: medium
Priority: medium
Version: devel
CC: wtogami
Hardware: All   
OS: Linux   
Last Closed: 2006-01-30 23:03:27 UTC
Bug Blocks: 151189    

Description David Bentley 2006-01-22 18:51:55 UTC
Section 9.1.5 of the release notes explains how best to install sun java in /opt
but it doesn't explain what else needs to be done to get it to work properly.

You need to modify the selinux policy by ticking two boxes in the compatibility
section in order to use the sun java plugin with firefox.

[1] Allow executables to run with executable stack
[2] Allow the use of shared libraries with text relocation

Also note that [1] is necessary in order to use the macromedia/adobe provided
flash player with firefox.

A separate section within the package-specific notes may be useful for the
instructions for the selinux policy change required when only the flashplayer
is installed as some people will roll their own java packages instead of using
those provided by sun ( I will wait for FC5T3 or FINAL before making my own
java packages as I did for FC4 )

Comment 1 David Bentley 2006-01-22 20:19:33 UTC
Sorry, should have altered the summary to FC5 release notes --
Done now.

Comment 2 David Bentley 2006-01-24 18:00:21 UTC
Update on this after completely removing flash and sun java then re-installing
sun java by extracting it again into /opt and then installing flash again and it
now seems that both [1] and [2] are needed for both sun java and flash.

It would seem that at some point libflashplayer.so in /usr/lib/mozilla/plugins
got re-labeled from root:object_r:lib_t to system_u:object_r:textrel_shlib_t at
some point.

Re-labeling all the files (and those symbolically linked to)
in /usr/lib/mozilla/plugins with the following command
(while in /usr/lib/mozilla/plugins)
chcon system_u:object_r:textrel_shlib_t *.*
should remove the need to apply a tick to box [2]
but I suspect far more than adding the command to do what is done by the tick
in box [1] is required to remove the need for it.
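
Added example, not part of the comment above or of any Fedora tooling: a dry-run sketch of the relabel Comment 2 describes, resolving each plugin symlink to its real file so every target is listed once and dangling links are skipped. The function names and the APPLY switch are hypothetical, and limiting the match to *.so and changing only the type field are choices of this example; the directory and the textrel_shlib_t type come from the comment.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Only the plugin directory and
# the textrel_shlib_t type are taken from Comment 2.

PLUGIN_TYPE="textrel_shlib_t"

# Print the distinct real files behind the *.so entries of a directory.
# Symlinks are resolved so a shared target appears once; dangling links
# are reported on stderr and left out of the list.
relabel_targets() {
    dir=$1
    for entry in "$dir"/*.so; do
        if [ ! -e "$entry" ]; then
            if [ -L "$entry" ]; then
                echo "skipping dangling link: $entry" >&2
            fi
            continue
        fi
        readlink -f "$entry"
    done | sort -u
}

# Dry run by default: show what would be relabeled. With APPLY=1 the type
# field of each target is changed (user and role are left untouched, unlike
# the full-context chcon in the comment).
relabel() {
    relabel_targets "$1" | while IFS= read -r target; do
        if [ "${APPLY:-0}" = 1 ]; then
            chcon -t "$PLUGIN_TYPE" -- "$target"
        else
            printf 'would relabel: %s\n' "$target"
        fi
    done
}

# Usage (dry run):  relabel /usr/lib/mozilla/plugins
# Usage (apply):    APPLY=1 relabel /usr/lib/mozilla/plugins
```

Labels set with chcon are not recorded in the policy's file-context database, so a later restorecon or full filesystem relabel can revert them.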

Comment 3 Karsten Wade 2006-01-25 19:16:47 UTC
Not sure if this is relevant for the relnotes or not, it depends on if the
software in question is i) within Core or Extras, and ii) is permissible to
document.  

I'm reassigning to the Java release notes beat writer for review.

For information about what we don't document or why:

http://fedoraproject.org/wiki/ForbiddenItems

Comment 4 Anthony Green 2006-01-30 23:03:27 UTC
The release notes currently describe the old & busted mechanism for installing
sun's java.  The problem you're having should go away using the new mechanism. 
Or, at least, if they don't go away - we can fix it without forcing users to
mess with SELinux settings.  We don't want to support Sun's /opt install mess.

I'll point the JPackage maintainers at this bugzilla entry, so they can add the
appropriate SELinux voodoo to their spec files.  I'm closing this bug.