Description of problem: firefox plugin for Adobe Reader nppdf.so will not run. Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Install Adobe Reader plugin (nppdf.so) in firefox. 2. Disable mozplugger from running pdf applications if installed 3. Run firefox 4. check plugins using about:plugins 5. Adobe Reader is not listed. Actual results: Adobe Reader is not listed. pdf files cannot be opened with Adobe Reader. Expected results: Adobe Reader should be listed. pdf files should be opened with Adobe Reader. Additional info: This can be worked around by using: chcon -t textrel_shlib_t nppdf.so in the firefox plugins directory.
Adobe Reader 7.0.5 is running on my FC5 system both as a Firefox plugin and for reading local PDF files. My current policy is selinux-policy-targeted-2.2.25-3.fc5. After installing the AdobeReader_enu RPM, I ran the install_browser_plugin script in /usr/local/Adobe/Acrobat7.0/Browser, which essentially does a cp /usr/local/Adobe/Acrobat7.0/Browser/intellinux/nppdf.so \ /usr/lib/mozilla/plugins Then I made sure the context was set correctly with restorecon /usr/lib/mozilla/plugins/nppdf.so But this doesn't look like it changes much with the current policy. Right now, the nppdf.so file is labeled "user_u:object_r:lib_t". I believe its type was textrel_shlib_t with the previous policy. I had to turn on the allow_execmod boolean to get the acroread program to work with local PDF files: setsebool -P allow_execmod 1 And a minute ago, I confirmed that the Firefox plugin and acroread are both working with the current targeted policy. I usually test the plugin by going to www.irs.gov and viewing the 1040 form - easy to remember. :-)
Oops, sorry, I didn't read John's last paragraph. It looks like the allow_execmod boolean was working around the problem on my system. In the meantime, I have found that restorecon /usr/lib/mozilla/plugins/nppdf.so sets a type of textrel_shlib_t with both selinux-policy-targeted-2.2.25-3.fc5 and selinux-policy-targeted-2.2.25-2.fc5. But I don't think you can get acroread to work without the boolean change, unless you change a lot more library files to textrel_shlib_t.
That is covered in Bugzilla 187596
fixed in selinux-policy-2.2.29-2.fc5
When is selinux-policy-2.2.29-2.fc5 going to be available. I have tried using yum update and it does not update the policy.
Duh. I found it in the development repo. I had relabled the files using chcon. After installing selinux-policy.noarch 0:2.2.29-4 which is the current in development, niether acroread or the Firefox plugin, nppdf.so, worked. Also, I found that just doing chcon on nppdf.so does not work unless the context for all the Adobe reader libs and api have had their context changed.
Forgot to post that I have the tar ball installed and not the rpm from RedHat, so Firefox is in /usr/local/firefox .
Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed
This may be fixed if using the distro firefox rpm. I cannot confirm or deny. This is not fixed in the current policy if the install from Mozilla for Firefox is used instead of the distro rpm. The common place to put the plugins is in /usr/local/firefox/plugins when using the Mozilla distribution. Currently using selinux-policy-2.2.34-3.fc5 Close again if the non rpm location is not going to be fixed. If it is not going to be fixed in the non rpm location, then I think a FAQ note to what to do for Firefox plugins that reside in /usr/local/firefox/plugins.
Fixed in selinux-policy-2.2.38-1.fc5
Where is selinux-policy-2.2.38-1.fc5? Newest I can find with yum is selinux-policy.noarch 2.2.37-1 development
Should be in fedora testing tonight.
New adobe reader 8.1.1 package is out for Linux, with yet another location for nppdf.so: /opt/Adobe/Reader8/Browser/intellinux/nppdf.so At least now Firefox will launch a separate acroread process if the plugin fails.
Fixed in selinux-policy-3.0.8-47.fc8.src.rpm
Should say 48 not 47
Can we get this fixed in F7 too?
Fixed in 2.6.4-55.fc7
(In reply to comment #18) > Fixed in 2.6.4-55.fc7 Really? # rpm -q selinux-policy selinux-policy-2.6.4-57.fc7 # restorecon -r -v /opt/Adobe/ # ls -lZ /opt/Adobe/Reader8/Browser/intellinux/nppdf.so -rwxr-xr-x root root system_u:object_r:usr_t /opt/Adobe/Reader8/Browser/intellinux/nppdf.so
That is strange. grep Adobe /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/(local/)?Adobe/.*\.api -- system_u:object_r:textrel_shlib_t:s0 /etc/selinux/targeted/contexts/files/file_contexts:/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- system_u:object_r:textrel_shlib_t:s0 /etc/selinux/targeted/contexts/files/file_contexts:/usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- system_u:object_r:textrel_shlib_t:s0 /etc/selinux/targeted/contexts/files/file_contexts:/usr/(local/)?Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- system_u:object_r:textrel_shlib_t:s0 # rpm -Va selinux-policy\* #
Fixed in selinux-policy-2.6.4-59.fc7
Indeed, but: Updating : selinux-policy-targeted ######################### [2/4] /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /opt/Adobe(/.*?)/nppdf\.so. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /opt/Adobe(/.*?)/nppdf\.so. Line is duplicated in file_contexts.
Yes I fixed this in selinux-policy-2.6.4-60.fc7