Bug 473862
Summary: | Windows application won't run due to several text relocation warnings | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Andre Robatino <robatino> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 10 | CC: | dwalsh, jkubin, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-12-01 19:32:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Andre Robatino
2008-12-01 05:22:32 UTC
Created attachment 325173 [details]
sealert from attempting to run rad-mc.exe (this happens on both 32- and 64-bit)
I have no idea why this would have worked on F9? unless you had the allow_execmod boolean turned on. setsebool -P allow_execmod=1 I think if you use wine to execute this application it will get the priv to use execmod, but I did not know you could start an EXE directly. If you chcon -t textrel_shlib_t '/home/andre/rad-mc.exe' Does the application work? I'm trying this now using x86_64 F10. If I run chcon -t textrel_shlib_t '/home/andre/rad-mc.exe' then running "./rad-mc.exe" in my home directory works - the installer runs. Below are messages from the terminal - this sort of minor crud is normal (meaning I saw it in F9 when the application worked). [andre@localhost ~]$ ./rad-mc.exe fixme:advpack:set_ldids Need to support changing paths - default will be used err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\MyCash.exe" -> L"\\MyCash.exe" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\ReadMe.Txt" -> L"\\ReadMe.Txt" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\Catalog.exe" -> L"\\Catalog.exe" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.cl" -> L"\\001.cl" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.lpt" -> L"\\001.lpt" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.mc" -> L"\\001.mc" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\001.pl" -> L"\\001.pl" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\MyCash.Dex" -> L"\\MyCash.Dex" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\RADSite.url" -> L"\\RADSite.url" err:setupapi:SetupDefaultQueueCallbackW copy error 3 L"C:\\windows\\temp\\$INFTool.Tmp\\EULA.txt" -> L"\\EULA.txt" [andre@localhost ~]$ I also get another sealert, which I've attached. If I attempt to run the installed application, there will be several more sealerts associated with several more files. Like I said, either selinux-policy suddenly improved its security substantially with F10, or it's an selinux bug, since these text relocation errors never appeared in F9, on two different 32-bit machines (I just bought the 64-bit box). Created attachment 325281 [details]
sealert from running the rad-mc.exe installer after changing its file context
Also should have mentioned that to get Windows executables to run this way using Wine, all I have to do is to give them execute permission. I haven't changed any other settings from the defaults. It should work out of the box on any Fedora install after installing wine. After running the installer the first time, if I do chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/MSVBVM50.DLL' and then run it again, I get two more sealerts (text relocation again), so I do chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/ccrpDtp.ocx' chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/tabctl32.ocx' and after running the installer again, I get two more sealerts (text relocation again), so I do chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/msflxgrd.ocx' chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/windows/system32/Anigif.dll' and if I run the installer again, it works without any sealerts. Now, if I try to actually run the installed application (~/.wine/drive_c/MyCash.exe), it appears to run, but I get another sealert (text relocation), so I do chcon -t textrel_shlib_t '/home/andre/.wine/drive_c/MyCash.exe' and it now appears to start more or less normally. But I never saw a single text relocation warning in F9. allow_execmod was turned on by default in Fedora 9, and turned off by default in Fedora 10. So turn the boolean on and you should be fine. setsebool -P allow_execmod=1 Which will allow you to run apps as an unconfined user which requires execmod. After running "setsebool -P allow_execmod=1" as root, everything works now, same as F9. I'll close this as NOTABUG, and do some reading about the security implications of allowing this. Thanks and sorry for the trouble. One quick question - did this happen because this particular Windows application was written incorrectly, or would attempting to run any Windows program have generated the same errors? Running any window application will cause this problem, I believe. |