Bug 187678 - SELinux policy targeted 2.2.25-2.fc5 breaks Sun JRE
Summary: SELinux policy targeted 2.2.25-2.fc5 breaks Sun JRE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 5
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Keywords: Desktop, SELinux
Depends On:
TreeView+ depends on / blocked
Reported: 2006-04-02 16:03 UTC by Heiko Adams
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version: 2.2.36-2.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-05-09 21:11:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Heiko Adams 2006-04-02 16:03:26 UTC
Description of problem:
After updating the SELinux policy "targeted" to 2.2.25-2.fc5 the SUN JRE 1.x
didn't start anymore.

Additional info:
Running chcon -t textrel_shlib_t /usr/local/jre1.6.0/lib/i386/client/* and chcon
-t textrel_shlib_t /usr/local/jre1.6.0/bin/* solved the problem temporary and
made the jre running again.

Comment 1 Daniel Walsh 2006-04-03 15:31:42 UTC
This seems a little extreme.  What is blowing up what avc messares are you seeing?

Where do I get jre1.6 to test this?

Comment 2 Heiko Adams 2006-04-03 19:18:30 UTC
You can get it from here:

Comment 3 Gérard Milmeister 2006-04-03 21:10:50 UTC
I can confirm that I need to do:
chcon -t textrel_shlib_t /opt/jdk1.6.0/jre/lib/i386/client/libjvm.so

This has not been necessary with jdk1.5.0.

Comment 4 Heiko Adams 2006-04-09 17:04:13 UTC
Okay, as I feared: The Java plugin for firefox isn't working anymore too :-(

Comment 5 Heiko Adams 2006-04-09 17:09:29 UTC
(In reply to comment #4)
> Okay, as I feared: The Java plugin for firefox isn't working anymore too :-(
Sorry, please ignore this comment. It was my fault

Comment 6 Daniel Walsh 2006-04-14 13:17:13 UTC
Fixed in selinux-policy-2.2.32-1.fc5

Comment 7 Heiko Adams 2006-04-28 17:45:58 UTC
Tested with selinux-policy-targeted-2.2.34-3.fc5:
Sun JRE 1.5 works fine but JRE 1.6 Beta is still broken

Comment 8 Daniel Walsh 2006-04-28 20:01:46 UTC
What avc messages are  you seeing with it?

Comment 9 Heiko Adams 2006-04-28 20:34:19 UTC
AFAIR "cannot restore segment prot after reloc: Permission denied" or something
like that.
I'm sorry, but i was forced to do chcon -t textrel_shlib_t
/usr/local/jre1.6.0/lib/i386/client/libjvm.so to make my apps running again with
java 1.6 beta

Comment 11 Daniel Walsh 2006-05-09 16:20:16 UTC
fixed in selinux-policy-2.2.38-1.FC5.

Comment 12 Heiko Adams 2006-05-09 17:10:45 UTC
It seems that selinux-policy-2.2.36-2.fc5 fixes the problem. At least all my
java apps start with jre 1,5 and 1.6beta

Note You need to log in before you can comment on or make changes to this bug.