Bug 224042 - nxagent libXcomp.so.2.1.0 and libXcompext.so.2.1.0 require text relocation
Summary: nxagent libXcomp.so.2.1.0 and libXcompext.so.2.1.0 require text relocation
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 6
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-01-23 19:37 UTC by Eric Moret
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: selinux-policy-2.4.6-29
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-19 22:46:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Eric Moret 2007-01-23 19:37:42 UTC
Description of problem:
When remotely connecting to an nxserver host, the nxserver host raises 2
distinct selinux violations:

avc: denied { execmod } for comm="nxagent" dev=dm-0 egid=893 euid=8022
exe="/usr/lib/NX/nxagent" exit=-13 fsgid=893 fsuid=8022 gid=893 items=0
name="libXcomp.so.2.1.0" path="/usr/lib/NX/lib/libXcomp.so.2.1.0" pid=25820
scontext=user_u:system_r:unconfined_t:s0 sgid=893
subj=user_u:system_r:unconfined_t:s0 suid=8022 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=8022 

avc: denied { execmod } for comm="nxagent" dev=dm-0 egid=893 euid=8022
exe="/usr/lib/NX/nxagent" exit=-13 fsgid=893 fsuid=8022 gid=893 items=0
name="libXcompext.so.2.1.0" path="/usr/lib/NX/lib/libXcompext.so.2.1.0"
pid=28308 scontext=user_u:system_r:unconfined_t:s0 sgid=893
subj=user_u:system_r:unconfined_t:s0 suid=8022 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=8022 


Version-Release number of selected component (if applicable):
nx-2.1.0-1.fc6
selinux-policy-targeted-2.4.6-23.fc6

How reproducible:
Always

Steps to Reproduce:
1. install nx server (nxclient, nx, freenx)
2. remotely connect to server
  
Actual results:
se linux violations prevent access to libraries libXcompext.so.2.1.0 and nxagent
libXcomp.so.2.1.0

Expected results:
No selinux violations

Comment 1 Daniel Walsh 2007-01-23 20:51:10 UTC
You can fix these by executing chcon -t textrel_shlib_t
/usr/lib/NX/lib/libXcompext.so.2.1.0

Fixed in selinux-policy-2.4.6-29


Note You need to log in before you can comment on or make changes to this bug.