To reproduce, take a default Fedora 8 test install (thus with selinux targeted policy enabled) and then start for example jar:

    [hans@shalem devel]$ jar
    dl failure on line 696Error: failed /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0.x86_64/jre/lib/amd64/server/libjvm.so, because /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0.x86_64/jre/lib/amd64/server/libjvm.so: cannot enable executable stack as shared object requires: Permission denied
    [hans@shalem devel]$

So either the libjvm.so files need a special selinux type to allow this, or they need to have the execstack bit removed from them. Often files claiming to need an execstack do not really do so, but in this case I'm not sure.

Fixed in selinux-policy-3.0.7-5
This is now http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=68

(In reply to comment #2)
> This is now http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=68

Not exactly, that one is about building icedtea (I hit that too, but didn't get around to submitting it); this one is about running icedtea from the Fedora rpms.

DWalsh, one question: did you fix this for both:

    /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0.x86_64/jre/lib/amd64/server/libjvm.so:

And:

    /usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0.x86_64/jre/lib/amd64/client/libjvm.so:

And of course for other archs the x86_64 and amd64 will be different, but that's obvious.

? (Just making sure)

Should work with all

Matches regex

    /usr/lib(64)?/(.*/)?jre.*/.*\.so(\.[^/]*)* -- system_u:object_r:textrel_shlib_t:s0
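
Added example, not part of the original thread: a small Python check that evaluates the file-context entry quoted above against the server and client libjvm.so paths from the earlier comment, the way a file_contexts entry is applied (whole-path match plus file-type field). The i386 path and the two non-matching paths are constructed samples, and the helper names are hypothetical.

```python
import re
import stat

# Entry quoted in the thread: path regex, file-type field, security context.
SPEC = r"/usr/lib(64)?/(.*/)?jre.*/.*\.so(\.[^/]*)* -- system_u:object_r:textrel_shlib_t:s0"

# File-type field of a file_contexts entry -> stat file-type bits.
FILE_TYPES = {"--": stat.S_IFREG, "-d": stat.S_IFDIR, "-l": stat.S_IFLNK}

JRE = "/usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0.x86_64/jre"  # prefix from the report


def parse_spec(line):
    """Split an entry into (compiled regex, wanted file type or None, context)."""
    fields = line.split()
    if len(fields) == 3:
        pattern, ftype, context = fields
        want = FILE_TYPES[ftype]
    else:  # no type field: the entry applies to any file type
        (pattern, context), want = fields, None
    return re.compile(pattern), want, context


def label_for(path, mode, spec):
    """Return the context the entry assigns to path, or None if it does not apply."""
    regex, want, context = spec
    if want is not None and stat.S_IFMT(mode) != want:
        return None
    # file_contexts patterns are anchored: they must match the whole path.
    return context if regex.fullmatch(path) else None


def check_samples():
    spec = parse_spec(SPEC)
    reg, dir_ = stat.S_IFREG | 0o755, stat.S_IFDIR | 0o755
    samples = [
        (JRE + "/lib/amd64/server/libjvm.so", reg),   # path from the error output
        (JRE + "/lib/amd64/client/libjvm.so", reg),   # path asked about in the reply
        ("/usr/lib/jvm/example-jdk/jre/lib/i386/client/libjvm.so", reg),  # constructed
        (JRE + "/bin/java", reg),                     # constructed: not a .so
        (JRE + "/lib/amd64/server", dir_),            # constructed: directory, not "--"
    ]
    return {path: label_for(path, mode, spec) for path, mode in samples}


if __name__ == "__main__":
    for path, label in check_samples().items():
        print(f"{label or '<no match>':40} {path}")
```

On an installed system, `matchpathcon` reports the context the loaded policy would assign to a path and `restorecon` applies it.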