Bug 224042 - nxagent libXcomp.so.2.1.0 and libXcompext.so.2.1.0 require text relocation
nxagent libXcomp.so.2.1.0 and libXcompext.so.2.1.0 require text relocation
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-23 14:37 EST by Eric Moret
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: selinux-policy-2.4.6-29
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-19 18:46:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Moret 2007-01-23 14:37:42 EST
Description of problem:
When remotely connecting to an nxserver host, the nxserver host raises 2
distinct selinux violations:

avc: denied { execmod } for comm="nxagent" dev=dm-0 egid=893 euid=8022
exe="/usr/lib/NX/nxagent" exit=-13 fsgid=893 fsuid=8022 gid=893 items=0
name="libXcomp.so.2.1.0" path="/usr/lib/NX/lib/libXcomp.so.2.1.0" pid=25820
scontext=user_u:system_r:unconfined_t:s0 sgid=893
subj=user_u:system_r:unconfined_t:s0 suid=8022 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=8022 

avc: denied { execmod } for comm="nxagent" dev=dm-0 egid=893 euid=8022
exe="/usr/lib/NX/nxagent" exit=-13 fsgid=893 fsuid=8022 gid=893 items=0
name="libXcompext.so.2.1.0" path="/usr/lib/NX/lib/libXcompext.so.2.1.0"
pid=28308 scontext=user_u:system_r:unconfined_t:s0 sgid=893
subj=user_u:system_r:unconfined_t:s0 suid=8022 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=8022 


Version-Release number of selected component (if applicable):
nx-2.1.0-1.fc6
selinux-policy-targeted-2.4.6-23.fc6

How reproducible:
Always

Steps to Reproduce:
1. install nx server (nxclient, nx, freenx)
2. remotely connect to server
  
Actual results:
se linux violations prevent access to libraries libXcompext.so.2.1.0 and nxagent
libXcomp.so.2.1.0

Expected results:
No selinux violations
Comment 1 Daniel Walsh 2007-01-23 15:51:10 EST
You can fix these by executing chcon -t textrel_shlib_t
/usr/lib/NX/lib/libXcompext.so.2.1.0

Fixed in selinux-policy-2.4.6-29

Note You need to log in before you can comment on or make changes to this bug.