Bug 281541 - Doesn't work with selinux enabled
Summary: Doesn't work with selinux enabled
Alias: None
Product: Fedora
Classification: Fedora
Component: java-1.7.0-icedtea   
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Thomas Fitzsimmons
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-09-06 22:06 UTC by Hans de Goede
Modified: 2007-11-30 22:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-18 19:38:00 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Hans de Goede 2007-09-06 22:06:41 UTC
To reproduce, take a default Fedora 8 test install (thus with selinux targeted
policy enabled) and then start for example jar:
[hans@shalem devel]$ jar
dl failure on line 696Error: failed
cannot enable executable stack as shared object requires: Permission denied
[hans@shalem devel]$

So either the libjvm.so files need a special selinux type to allow this, or they
need to have the execstack bit removed from them. Often files claiming to need
an execstack do not really do so, but in this case I'm not sure.

Comment 1 Daniel Walsh 2007-09-06 23:19:51 UTC
Fixed in selinux-policy-3.0.7-5

Comment 2 Andrew Haley 2007-09-11 14:27:17 UTC
This is now http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=68

Comment 3 Hans de Goede 2007-09-11 14:41:39 UTC
(In reply to comment #2)
> This is now http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=68

Not exactly, that one is about building icedtea (I hit that too, but didn't get
around to submitting it) did one is about running icedtea from the Fedora rpms.

DWalsh, one question did you fix this for both:


And ofcourse for other archs the x86_64 and amd64 will be different but thats

? (Just making sure)

Comment 4 Daniel Walsh 2007-09-11 17:05:54 UTC
Should work with all 

Matches regex

/usr/lib(64)?/(.*/)?jre.*/.*\.so(\.[^/]*)*      --     

Note You need to log in before you can comment on or make changes to this bug.