Bug 725833

Summary: chmsee needs to have the type execmem_exec_t
Product: [Fedora] Fedora Reporter: Göran Uddeborg <goeran>
Component: chmseeAssignee: Yijun Yuan <bbbush.yuan>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: bbbush.yuan, dwalsh, pertusus, pwu
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-10 16:27:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
The backtrace I get from chmsee
none
The AVC message none

Description Göran Uddeborg 2011-07-26 17:29:50 UTC 
Created attachment 515329 [details]
The backtrace I get from chmsee

Description of problem:
When starting chmsee it immediately crashes with a "glibc detected" "double free or corrupion" and gives me a backtrace.  I also get an AVC execmem violation.

This does indeed seem to be related to execmem.  I run my system with allow_execmem turned off, which I believe should work.  But it seems it requires chmsee to have the execmem_exec_t type.

Version-Release number of selected component (if applicable):
chmsee-1.3.1.1-2.fc15.x86_64

How reproducible:
Every time.

Steps to Reproduce:
1. sudo setsebool allow_execmem false
2. chmsee <some chm file>
  
Actual results:
Crash

Expected results:
Window showing the chm help

Additional info:
Since chmsee uses gecko, I suspect this has the same underlying reason as bug 714425.  But as far as I'm aware, each binary has to be marked execmem, it can't be done on the library actually using it.  Or can it nowdays?
Comment 1 Göran Uddeborg 2011-07-26 17:31:20 UTC 
Created attachment 515331 [details]
The AVC message
Comment 2 Daniel Walsh 2011-07-26 19:01:37 UTC 
Why does this need it?  I run this app on F16 and it crashes.

 /usr/bin/chmsee

** (chmsee:3480): WARNING **: GECKO_UTILS >>> Couldn't find a compatible GRE!


** ERROR **: Initialize html render engine failed!
Trace/breakpoint trap (core dumped)
[Exit 133 (SIGTRAP)]
Comment 3 Göran Uddeborg 2011-07-26 20:09:17 UTC 
> Why does this need it?

Chmsee uses the Gecko rendering engine.  In recent versions of xulrunner, there apparently is a JavaScript just-in-time compiler, which allocates executable memory.  Thus any program using Gecko, like firefox and chmsee needs the execmem_exec_t type.

At least that is how I understood what was said on the thread about firefox on the selinux mailing list last month (http://lists.fedoraproject.org/pipermail/selinux/2011-June/013837.html).

I'm not sure why it fails even before that on F16.  What version of xulrunner is installed?
Comment 4 Peng Wu 2011-07-27 07:12:58 UTC 
Sorry, last time I updated chmsee for gecko 5.0 for Fedora 15, chmsee failed built for rawhide, as missing gtkmozembed.h.
chmsee 2.0 will switch to xulrunner 5.0, but not released yet.