Bug 475026

Summary: oowriter "permission denied" message
Product: [Fedora] Fedora Reporter: Horst H. von Brand <vonbrand>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: caolanm, jnavrati
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-12-12 18:49:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The requested strace output none

Description Horst H. von Brand 2008-12-06 20:03:19 UTC 
Description of problem:
Running "oowriter some.doc" gives:

  $ oowriter ACTA\ NÂș\ 3\ RECTORIA.doc 
  /usr/lib64/openoffice.org3/program/soffice: line 79: /usr/lib64/openoffice.org3/program/../basis-link/ure-link/bin/javaldx: Permission denied

Version-Release number of selected component (if applicable):
openoffice.org-ure-3.0.1-12.1.fc11.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Start oowriter from e.g. a gnome-terminal
2.
3.
  
Actual results:
Above message; seems to work (didn't try to do anything fancy)

Expected results:
Silence

Additional info:
Comment 1 Caolan McNamara 2008-12-08 12:02:48 UTC 
can you run 

/usr/lib64/openoffice.org/ure/bin/javaldx

manually and see if it also fails

if it also fails then what is the output of

strace -f 
/usr/lib64/openoffice.org/ure/bin/javaldx > /tmp/strace.log 2>&1

and

/usr/sbin/sestatus
Comment 2 Horst H. von Brand 2008-12-08 18:25:50 UTC 
Created attachment 326158 [details]
The requested strace output
Comment 3 Horst H. von Brand 2008-12-08 18:27:53 UTC 
It fails (the output of strace requested is the attachment at #2).

]$ /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

The above for openoffice.org-ure-3.0.1-12.3.fc11.1.x86_64
Comment 4 Horst H. von Brand 2008-12-08 18:31:49 UTC 
I also get:

$ ls -lZ /usr/lib64/openoffice.org/ure/bin/javaldx
-rwxr-xr-x  root root system_u:object_r:java_exec_t:s0 /usr/lib64/openoffice.org/ure/bin/javaldx
$ lsattr /usr/lib64/openoffice.org/ure/bin/javaldx
--------------- /usr/lib64/openoffice.org/ure/bin/javaldx
Comment 5 Caolan McNamara 2008-12-08 23:01:04 UTC 
*shrug*, looks like strace doesn't have permissions to strace. I suspect that there is some tiresome java permissions issue here.

maybe selinux guys can tell us what needs to be done if anything from our side.
Comment 6 Daniel Walsh 2008-12-09 13:58:09 UTC 
Are you seeing any AVC messages?  Are you sure this is an SELInux issue?  

setenforce 0

Does it still happen?

id -Z
Comment 7 Horst H. von Brand 2008-12-09 21:40:07 UTC 
In /var/log/messages I see  variations of:

   Dec  9 18:33:41 laptop14 nscd: Can't send to audit system: USER_AVC avc:  received setenforce notice (enforcing=0)#012: exe="?" (sauid=28, hostname=?, addr=?, terminal=?)

Doesn't happen with "setenforce 0"

   $ id -Z
   unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Comment 8 Daniel Walsh 2008-12-10 15:00:03 UTC 
grep avc /var/log/audit/audit.log
Comment 9 Horst H. von Brand 2008-12-12 17:08:56 UTC 
Gone away after today's update (openoffice.org-3.0.1-13.2.fc11.x86_64). No change in selinux-policy-*