Description of problem: New selinux update breaks netbeans profiler and java 1.6.0 beta. I'm not sure if the problem is in selinux-policy or no, but sure is selinux related. On startup netbeans (with java 1.5.0_06) complains about an Unsatisfied Link (I have attached a screen shot for this), the application seems to run fine (and sun jvm also has no problem, afaik, but profiler support in netbeans is disabled). /var/log/message is difficult to follow here, as netbeans produces a lot of output, but this should be the relevant line: Mar 30 23:59:40 nirvana kernel: audit(1143755980.603:711): avc: denied { execmod } for pid=2888 comm="java" name="libclient.so" dev=hda5 ino=297965 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file The same apply when I try java 6 beta: [root@nirvana neugens]# /opt/jdk1.6.0/bin/java -version dl failure on line 685Error: failed /opt/jdk1.6.0/jre/lib/i386/client/libjvm.so, because /opt/jdk1.6.0/jre/lib/i386/client/libjvm.so: cannot restore segment prot after reloc: Permission denied [root@nirvana neugens]# tail -f /var/log/messages Mar 31 00:08:30 nirvana kernel: audit(1143756510.947:1027): avc: denied { execmod } for pid=3021 comm="java" name="libjvm.so" dev=hda5 ino=199223 scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tcontext=system_u:object_r:lib_t:s0 tclass=file I'm not an expert of selinux, so I'm trying to understand policies to fix this by myself. Anyway, when I turn off selinux everything goes well. Please, note that everything was fine before the last update. Version-Release number of selected component (if applicable): [root@nirvana neugens]# rpm -qa|grep selinux libselinux-python-1.30-1.fc5 libselinux-1.30-1.fc5 selinux-policy-2.2.25-2.fc5 libselinux-devel-1.30-1.fc5 selinux-policy-targeted-2.2.25-2.fc5 How reproducible: Alaways Steps to Reproduce: 1. just run netbeans with profiler (or java 6 beta) 2. 3. Actual results: netbeans profiler is disabled, java 6 beta does not run at all Expected results: netbeans and java 6 beta should run without problems. Additional info: attached screenshot to see the error on netbeans, the error is a bit misleading, as it refers to an unsatisfied link, but all files are where they should be.
Created attachment 127078 [details] Screenshot of netbeans error message
I found a workaround, maybe of some help for others with this problem util a suitable update is released (if any). The workaround came from this site: http://www.rsinc.com/services/techtip.asp?ttid=3092 Simply changing the security context for java 6 and netbeans profiler works (I don't know if there are security implication here, but this is better than totally disable selinux, I think): chcon -t texrel_shlib_t /opt/jdk1.6.0/jre/lib/i386/client/*so chcon -t texrel_shlib_t /opt/netbeans-5.0/profiler1/lib/deployed/jdk15/linux/*so
I'm experiencing the same problem here. I'm using the j2re package from Dag (http://dag.wieers.com/apt/) and getting the following exception: Exception in thread "main" java.lang.UnsatisfiedLinkError: /usr/lib/jre/lib/i386/libawt.so: /usr/lib/jre/lib/i386/libawt.so: cannot restore segment prot after reloc: Permission denied Until I applied the recent selinux update, everything was working fine, so I believe this is the same problem.
fixed in selinux-policy-2.2.38-2 in rawhide. Will be updated in FC5 next week.
Closing bugs