Description of problem:
Some components of the F-Secure antivirus suite (Policy Manager and Management Console) don't run with the default SELinux targeted policy.

Version-Release number of selected component (if applicable):
f-secure-automatic-update-agent-2.1.1489-1.i386.rpm
f-secure-policy-manager-console-7.00.4220-1.i386.rpm
f-secure-policy-manager-server-7.00.7040-1.i386.rpm
f-secure-policy-manager-web-reporting-7.00.235-1.i386.rpm

How reproducible:
Always.

Steps to Reproduce:
1. Install a clean FC6 + updates (28.03.2007), with SELinux targeted policy, enforcing mode.
2. Install the above RPMs, available from http://www.f-secure.com
3. Try to start installed services (Policy Manager). Service doesn't start.
4. Disable SELinux and retry to start services. Services now start.

Actual results:
Program does not perform as specified in a SELinux environment.

Expected results:
Program should perform as specified when SELinux is enabled.

Additional info:
Red Hat Enterprise Linux is mentioned as a supported OS by F-Secure.
What avc messages are you seeing in your log files? /var/log/audit/audit.log
Hello,

I can't respond to the above question right now (I don't have the testing machine at hand). However, this is the official answer I've got from an F-Secure developer in Finland:

-------------------------------------------------------------------------------
Confirmed while testing on FC6 with selinux configured to enforcing + targeted

/etc/selinux/config
...
SELINUX=enforcing
...
SELINUXTYPE=targeted

Executing "/etc/init.d/fspms start" generated following error:

"Cannot load /opt/f-secure/fspms/libexec/libfsmsh.so into server: /opt/f-secure/fspms/libexec/librapi.so.0: cannot restore segment prot after reloc: Permission denied"

/var/log/messages:
... avc: denied { execmod } for pid=2879 comm="fspms" name="librapi.so.0.0.0" ....

Checked http://docs.fedoraproject.org/selinux-faq-fc5/#faq-entry-unconfined_t and per instructions, executed the following:

# /usr/sbin/semanage fcontext -a -t textrel_shlib_t '/opt/f-secure/fspms/libexec/librapi.so.0.0.0'
# /sbin/restorecon -v /opt/f-secure/fspms/libexec/librapi.so.0.0.0

Now, when I stopped and started fspms, no problems noted and no avc errors in syslog. Accessing both admin and host-port via localhost 80 and 8080 worked, too.
----------------------------------------------------------------------------

Regards,
Răzvan
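Added example, not part of the thread or of F-Secure's or Fedora's own tooling: a script that pulls execmod denials out of audit records and prints, without running them, the two relabel commands quoted in the comment above. The function names and the sample records are constructed for illustration; it assumes a bare name= value has to be resolved under a search root. textrel_shlib_t permits text relocations for the labelled library, so each printed path should be reviewed before the commands are applied.

```shell
#!/bin/sh
# Added example: list files hit by SELinux execmod denials and print (not run)
# the relabel commands quoted in the comment above.

# Constructed sample records; only the execmod fields come from the report.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1175083200.101:31): avc:  denied  { execmod } for  pid=2879 comm="fspms" name="librapi.so.0.0.0" dev=dm-0 ino=4711 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1175083200.102:32): avc:  denied  { read } for  pid=2880 comm="cat" name="shadow" dev=dm-0 ino=99 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1175083260.200:40): avc:  denied  { execmod } for  pid=2901 comm="fspms" name="librapi.so.0.0.0" dev=dm-0 ino=4711 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
EOF
}

# Read audit records on stdin; print the unique name=/path= value of every
# execmod denial on a regular file. Other permissions (e.g. read) are ignored.
execmod_targets() {
    awk 'index($0, "{ execmod }") && /avc: +denied/ && /tclass=file/ {
        target = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(name|path)=/) target = $i
        sub(/^[a-z]+=/, "", target); gsub(/"/, "", target)
        if (target != "") print target
    }' | sort -u
}

# Resolve bare names under search root $1 (absolute paths are kept as-is)
# and print the semanage/restorecon commands for review.
relabel_commands() {
    root=$1
    execmod_targets | while IFS= read -r t; do
        case $t in
            /*) printf '%s\n' "$t" ;;
            *)  find "$root" -type f -name "$t" 2>/dev/null ;;
        esac
    done | sort -u | while IFS= read -r f; do
        printf "/usr/sbin/semanage fcontext -a -t textrel_shlib_t '%s'\n" "$f"
        printf '/sbin/restorecon -v %s\n' "$f"
    done
}

# Example: sample_log | relabel_commands /opt/f-secure
```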
A bug regarding this was also created on F-Secure's website:

Number: 1-101072186
Created: 4.4.2007 14:38:24
Subject: F-Secure Policy Manager doesn't run in the default SELinux environment

Regards,
Răzvan
Fixed in selinux-policy-2.5.11-4.fc7