Bug 234332 - F-Secure Policy Manager doesn't run in a SELinux environment
F-Secure Policy Manager doesn't run in a SELinux environment
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2007-03-28 11:33 EDT by Răzvan Sandu
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: 2.5.11-4.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-07-17 18:26:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Răzvan Sandu 2007-03-28 11:33:59 EDT
Description of problem:

Some components of the F-Secure antivirus suite (Policy Manager and Management
Console) doesn't run with the default SELinux targeted policy.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. Install a clean FC6 + updates (28.03.2007), with SELinux targeted policy,
enforcing mode.
2. Install the above RPMs, available from http;//www.f-secure.com
3. Try to start installed services (Policy Manager). Service doesn't start.
4. Disable SELinux and retry to start services. Services now start.

Actual results:
Program does not perform as specified in a SELinux environment.

Expected results:
Program should perform as specified when SELinux is enabled.

Additional info:
Red Hat Enterprise Linux is mentioned as a supported OS by F-Secure.
Comment 1 Daniel Walsh 2007-03-28 16:17:57 EDT
What avc messages are you seeing in your log files?

Comment 2 Răzvan Sandu 2007-04-02 02:39:44 EDT

I can't respond to the above question right now (I don't have the testing
machine at hand).

However, this is the official answer I've got from F-Secure developer in Finland:


Confirmed while testing on FC6 with selinux configured to enforcing + targeted








Executing "/etc/init.d/fspms start" generated folllowing error:


"Cannot load /opt/f-secure/fspms/libexec/libfsmsh.so into server:
/opt/f-secure/fspms/libexec/librapi.so.0: cannot restore segment prot after
reloc: Permission denied"



... avc: denied { execmod } for pid=2879 comm="fspms" name="librapi.so.0.0.0" ....


Checked http://docs.fedoraproject.org/selinux-faq-fc5/#faq-entry-unconfined_t

and per instructions, executed the following:


# /usr/sbin/semanage fcontext -a -t textrel_shlib_t

# /sbin/restorecon -v /opt/f-secure/fspms/libexec/librapi.so.0.0.0


Now, when I stopped and started fspms, no problems noted and no avc errors in
syslog. Accessing both admin and host-port via localhost 80 and 8080 worked, too.

Comment 3 Răzvan Sandu 2007-04-04 07:49:33 EDT
A bug regarding this was also created on F-Secure's website:

Number: 1-101072186
Created: 4.4.2007 14:38:24
Subject: F-Secure Policy Manager doesn't run in the default SELinux environment


Comment 4 Daniel Walsh 2007-04-05 10:45:43 EDT
Fixed in selinux-policy-2.5.11-4.fc7

Note You need to log in before you can comment on or make changes to this bug.