Bug 596983
Summary: | SELinux is preventing /home/eddie/google-earth/googleearth-bin from loading /home/eddie/google-earth/librender.so which requires text relocation. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Eddie Lania <eddie> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | 521, alessandromachado.vip, ameya.gore, avramovski.dragan, bndrcr82a08e349g, carlos.rca185, cedpren, dakshay, dankahazi, dwalsh, eyeneeserver, germano.massullo, maskimko, mgrepl, mirvana-dmitry, nikolas.moraitis, n.underwood78, pascalarnold.varniol, Robert-Martin, rohinbanerji, santiago.lunar.m, sharrana, subscribed-lists, th-topo, valent.turkovic, willians.hxcx, wlh2008 |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:19d8c96b052b680416c17294c2c0a2eecd9eb7755f0ef24e94d2b3f6f8862cae | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-06-01 13:46:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eddie Lania
2010-05-27 20:53:19 UTC
I have issued the Fix Command: chcon -t textrel_shlib_t '/home/eddie/google-earth/librender.so' several times, as user and as root, but the error/denial keeps coming back. Turn off the check. # setsebool -P allow_execmod 1 Isn't that preventing selinux from detecting of all other applications attempting to load objects which requires text relocation as well? Is that a good idea? Yes and know. If a huge number of bugs come in reporting third party libraries are built incorrectly then this check becomes almost worthless for the vast majority of users. You have two choices here tell SELinux to ignore the error, or fix the labeling your self using chcon -t textrel_shlib_t on all libraries that exhibit this behaviour. allow_execmod only allows it for the unconfined domain, not for any confined domains. Google and others know about their problems but are either slow to fix or ignoring the problem. During rawhide cycle this is turned off and I have decided to turn it on for the F13 release. Since this is a google bug I can not fix it. I label my files *.so using chcon -t textrel_shlib_t. But SElinux still detecting the same problem. Carlos please attach the bugs, or just set the boolean allow_execmod # setsebool -P allow_execmod 1 |