Bug 202642
Summary: | Add Seamonkey to the group of Mozilla apps that require textrel_shlib_t | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kai Engert (:kaie) (inactive account) <kengert> | ||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5 | CC: | caillon, dwalsh, jim.cornette | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | selinux-policy-2.3.7-2.fc5 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-08-24 12:11:43 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Kai Engert (:kaie) (inactive account)
2006-08-15 17:20:10 UTC
https://www.redhat.com/archives/fedora-list/2006-August/msg01448.html has information regarding the problem and also comments regarding text relocation not being advisable. If possible, a fix for the mozilla and its offshoots of the original mozilla should be fixed so they do not need test relocation. I use seamonkey and was putting SELinux in permissive instead of enforcing because of the limiting factor test relocation denials were causing with seamonkey. I am using comment #8 suggestion in bug 201648 which allows SELinux to be used for the rest of the system. libxpcom_core.so seemed to have the most avc denied messages in the /var/log/audit/audit.log file on my system. # ls -lZ /usr/lib/firefox-1.5.0.6/libxpcom_core.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t # ls -lZ /usr/lib/seamonkey-1.0.4/libxpcom_core.so -rwxr-xr-x root root system_u:object_r:lib_t # ls -lZ /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t adding to CC: Also RealPlayer's realplay application doesn't work with the new SELinux policy. I had to switch mode to permissive for it to work. It should be added in too. Please attach avc messages from /var/log/messages. Created attachment 134436 [details]
There are messages in /var/log/audit/audit.log
No AVC messages in /var/log/messages. The messages are in
/var/log/audit/audit.log
Fixed in selinux-policy-2.3.7-2.fc5 Change to modified I installed selinux-policy-2.3.7-2.fc5 and then relabeled the system afterwards to ensure that the system contained intended contents since I used the temporary fix from the previous bug report. Seamonkey starts fine in enforcing mode after the relabeling with touch /.autorelabel followed by a reboot. The installation of the rpm had a long delay during install on the last entry and a process related to selinux was using a substantial amount of CPU time. I don't recall the exact process. Yes this is because the rpm package is updating the files it has changed. It is using restorecon and sometimes can take a while. Thanks for clarifying. I suspected that it was locked up but allowed some more time. I checked the processes with top and recognized the program consuming 90 plus percentage of the cpu was an selinux program. (Read the man pages to be sure) Anyway, I figured I'd mention it in case it was out of the expected behavior scope. |