Bug 281541 - Doesn't work with selinux enabled
Doesn't work with selinux enabled
Product: Fedora
Classification: Fedora
Component: java-1.7.0-icedtea (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Thomas Fitzsimmons
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-09-06 18:06 EDT by Hans de Goede
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-18 15:38:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Hans de Goede 2007-09-06 18:06:41 EDT
To reproduce, take a default Fedora 8 test install (thus with selinux targeted
policy enabled) and then start for example jar:
[hans@shalem devel]$ jar
dl failure on line 696Error: failed
cannot enable executable stack as shared object requires: Permission denied
[hans@shalem devel]$

So either the libjvm.so files need a special selinux type to allow this, or they
need to have the execstack bit removed from them. Often files claiming to need
an execstack do not really do so, but in this case I'm not sure.
Comment 1 Daniel Walsh 2007-09-06 19:19:51 EDT
Fixed in selinux-policy-3.0.7-5
Comment 2 Andrew Haley 2007-09-11 10:27:17 EDT
This is now http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=68
Comment 3 Hans de Goede 2007-09-11 10:41:39 EDT
(In reply to comment #2)
> This is now http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=68

Not exactly, that one is about building icedtea (I hit that too, but didn't get
around to submitting it) did one is about running icedtea from the Fedora rpms.

DWalsh, one question did you fix this for both:


And ofcourse for other archs the x86_64 and amd64 will be different but thats

? (Just making sure)
Comment 4 Daniel Walsh 2007-09-11 13:05:54 EDT
Should work with all 

Matches regex

/usr/lib(64)?/(.*/)?jre.*/.*\.so(\.[^/]*)*      --     

Note You need to log in before you can comment on or make changes to this bug.