Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. start maxima 2. maxima fails to load 3. Actual results: Maxima does not fully load Expected results: For maxima to work Additional info:
Summary SELinux is preventing maxima from loading /usr/lib/maxima/5.13.0/binary- gcl/maxima which requires text relocation. Detailed Description The maxima application attempted to load /usr/lib/maxima/5.13.0/binary- gcl/maxima which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/maxima/5.13.0/binary-gcl/maxima to use relocation as a workaround, until the library is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/lib/maxima/5.13.0/binary-gcl/maxima to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t /usr/lib/maxima/5.13.0 /binary-gcl/maxima" The following command will allow this access: chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Additional Information Source Context system_u:system_r:unconfined_execmem_t Target Context system_u:object_r:unconfined_execmem_exec_t Target Objects /usr/lib/maxima/5.13.0/binary-gcl/maxima [ file ] Affected RPM Packages maxima-runtime-gcl-5.13.0-4.fc8 [target] Policy RPM selinux-policy-3.0.7-10.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execmod Host Name localhost Platform Linux localhost 2.6.23-0.174.rc6.fc8 #1 SMP Tue Sep 11 19:06:17 EDT 2007 i686 athlon Alert Count 2 First Seen Wed 12 Sep 2007 10:25:51 AM CDT Last Seen Wed 12 Sep 2007 10:29:34 AM CDT Local ID d5f20c6c-774f-4f65-bc5c-90e2658d4c3d Line Numbers Raw Audit Messages avc: denied { execmod } for comm=maxima dev=dm-0 path=/usr/lib/maxima/5.13.0 /binary-gcl/maxima pid=4043 scontext=system_u:system_r:unconfined_execmem_t:s0 tclass=file tcontext=system_u:object_r:unconfined_execmem_exec_t:s0
This is likely more an issue with gcl-created binaries, not specific to maxima. While we're at it, see also a previous maxima/selinux related issue, bug #187647 The egregious hack used for that was to simply run maxima with: setarch -X which I would have thought would help here too. In the meantime, pretty much any other maxima-runtime can/does work better than gcl (maxima-runtime-sbcl for instance).
I have installed maxima-runtime-cbl as you have suggested: [root@localhost ~]# yum install maxima-runtime-sbcl Setting up Install Process Parsing package install arguments Resolving Dependencies --> Running transaction check ---> Package maxima-runtime-sbcl.i386 0:5.13.0-4.fc8 set to be updated --> Processing Dependency: sbcl = 1.0.9 for package: maxima-runtime-sbcl --> Running transaction check ---> Package sbcl.i386 0:1.0.9-1.fc8 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: maxima-runtime-sbcl i386 5.13.0-4.fc8 development 13 M Installing for dependencies: sbcl i386 1.0.9-1.fc8 development 9.0 M Transaction Summary ============================================================================= Install 2 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 22 M Is this ok [y/N]: y Downloading Packages: (1/2): maxima-runtime-sbc 100% |=========================| 13 MB 00:08 (2/2): sbcl-1.0.9-1.fc8.i 100% |=========================| 9.0 MB 00:07 Running rpm_check_debug Running Transaction Test warning: sbcl-1.0.9-1.fc8: Header V3 DSA signature: NOKEY, key ID 30c9ecf8 Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: sbcl ######################### [1/2] Installing: maxima-runtime-sbcl ######################### [2/2] Installed: maxima-runtime-sbcl.i386 0:5.13.0-4.fc8 Dependency Installed: sbcl.i386 0:1.0.9-1.fc8 Complete! Yet I still get Summary SELinux is preventing maxima from loading /usr/lib/maxima/5.13.0/binary- gcl/maxima which requires text relocation. Detailed Description The maxima application attempted to load /usr/lib/maxima/5.13.0/binary- gcl/maxima which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/maxima/5.13.0/binary-gcl/maxima to use relocation as a workaround, until the library is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/lib/maxima/5.13.0/binary-gcl/maxima to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t /usr/lib/maxima/5.13.0 /binary-gcl/maxima" The following command will allow this access: chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Additional Information Source Context system_u:system_r:unconfined_execmem_t Target Context system_u:object_r:unconfined_execmem_exec_t Target Objects /usr/lib/maxima/5.13.0/binary-gcl/maxima [ file ] Affected RPM Packages maxima-runtime-gcl-5.13.0-4.fc8 [target] Policy RPM selinux-policy-3.0.7-10.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execmod Host Name localhost Platform Linux localhost 2.6.23-0.174.rc6.fc8 #1 SMP Tue Sep 11 19:06:17 EDT 2007 i686 athlon Alert Count 2 First Seen Wed 12 Sep 2007 10:25:51 AM CDT Last Seen Wed 12 Sep 2007 10:29:34 AM CDT Local ID d5f20c6c-774f-4f65-bc5c-90e2658d4c3d Line Numbers Raw Audit Messages avc: denied { execmod } for comm=maxima dev=dm-0 path=/usr/lib/maxima/5.13.0 /binary-gcl/maxima pid=4043 scontext=system_u:system_r:unconfined_execmem_t:s0 tclass=file tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 I had maxima running fine, but I had to yum remove it because of setarch, could not apply the updates: These were removed because of setarch package setarch i386 2.0-4.fc7 maxima i386 5.12.99-0.5.rc2.fc8 installed 81 M maxima-gui i386 5.12.99-0.5.rc2.fc8 installed 833 k maxima-runtime-gcl i386 5.12.99-0.5.rc2.fc8 installed 24 M
You'll need to either remove maxima-runtime-gcl or run as: maxima --lisp=sbcl
What is /usr/lib/maxima/5.13.0/binary-gcl/maxima? Did you set the context to textrel_shlib_t? Did it work then?
Reading through the avc's again, it lookd like the app needs execmod as well as execstack and execmem?
[olivares@localhost ~]$ maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [olivares@localhost ~]$ su - Password: [root@localhost ~]# chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima [root@localhost ~]# semanage fcontext -a -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima [root@localhost ~]# exit logout [olivares@localhost ~]$ maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [olivares@localhost ~]$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 12285 max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 12285 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited I try as root and this is what happens: [root@localhost ~]# maxima --lisp=sbcl mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) Selinux troubleshoot shows: Summary SELinux is preventing /usr/bin/sbcl from changing a writable memory segment executable. Detailed Description The /usr/bin/sbcl application attempted to change the access protection of memory (e,g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. If /usr/bin/sbcl does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/bin/sbcl to run correctly, you can change the context of the executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t /usr/bin/sbcl". You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t /usr/bin/sbcl" The following command will allow this access: chcon -t unconfined_execmem_exec_t /usr/bin/sbcl Additional Information Source Context system_u:system_r:unconfined_t Target Context system_u:system_r:unconfined_t Target Objects None [ process ] Affected RPM Packages sbcl-1.0.9-1.fc8 [application] Policy RPM selinux-policy-3.0.7-10.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execmem Host Name localhost Platform Linux localhost 2.6.23-0.178.rc6.git2.fc8 #1 SMP Wed Sep 12 17:14:53 EDT 2007 i686 athlon Alert Count 21 First Seen Tue 28 Aug 2007 07:49:26 AM CDT Last Seen Thu 13 Sep 2007 06:50:28 PM CDT Local ID 5728acf1-707b-4ea6-b2ae-84ecb44cd93c Line Numbers Raw Audit Messages avc: denied { execmem } for comm=sbcl egid=0 euid=0 exe=/usr/bin/sbcl exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=3142 scontext=system_u:system_r:unconfined_t:s0 sgid=0 subj=system_u:system_r:unconfined_t:s0 suid=0 tclass=process tcontext=system_u:system_r:unconfined_t:s0 tty=pts1 uid=0
Hrm, maxima (both gcl and sbcl runtimes) on f7 under SELINUXTYPE=targeted policy WORKSFORME. I'll go see if I can get a f8 VM (qemu or VirtualPC) running to see if I can reproduce. Antonio, what selinux policy are you using (targeted?)?
allow_execmem and allow_execstack are turned on in F-7 and turned off in f-8
So, what can lisp's and lisp-generated apps do to work on f8? (Other than rewrite the lisp implementations to not use execmem and execstack at all).
Did you try the chcon command mentioned above chcon -t unconfined_execmem_exec_t PATHTOEXEC If this works we can setup this as default labeling
Does not help much. Is there another thing that we can try? [olivares@localhost ~]$ su - Password: [root@localhost ~]# chcon -t unconfined_execmem_exec_t /usr/lib/maxima/5.13.0/binary-gcl/maxima [root@localhost ~]# maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [root@localhost ~]# chcon -t unconfined_execmem_exec_t /usr/lib/maxima/5.13.0/binary-gcl/maxima [root@localhost ~]# maximammap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [root@localhost ~]# Thanks, Antonio
Did you see additional avc messages in the log file? runcon -t unconfined_execmem_exec_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Might get it to work.
Ooops. Should be runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima
No go. I have done as you have asked. [olivares@localhost ~]$ su - Password: [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Segmentation fault [root@localhost ~]# maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [root@localhost ~]# ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 12285 max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 12285 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited [root@localhost ~]# maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Segmentation fault [root@localhost ~]# On the other machine which had FC6 and maxima was not working there, I have installed F8T2 on it and will install maxima to see if the behavior is the same and will report back if things are the same as here.
I have installed it on another machine (the one which maxima failed and ran FC6) and here are the results: Here is the smolt profile of that machine http://smolt.fedoraproject.org/show?UUID=27eb0b00-4d7a-42a9-93bc-6eb3d48bcf2f [root@localhost ~]# yum install maxima maxima-gui maxima-runtime-sbcl wxMaxima Loading "refresh-updatesd" plugin development 100% |=========================| 2.1 kB 00:00 texlive 100% |=========================| 951 B 00:00 Setting up Install Process Parsing package install arguments Resolving Dependencies --> Running transaction check ---> Package maxima.i386 0:5.13.0-6.fc8 set to be updated --> Processing Dependency: gnuplot for package: maxima ---> Package wxMaxima.i386 0:0.7.2-4.fc8 set to be updated --> Processing Dependency: libwx_gtk2u_core-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_gtk2u_adv-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_gtk2u_xrc-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_adv-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_core-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu_net-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_gtk2u_aui-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_html-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_baseu-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu_xml-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_qa-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_html-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu_net-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu-2.8.so.0(WXU_2.8) for package: wxMaxima ---> Package maxima-runtime-sbcl.i386 0:5.13.0-6.fc8 set to be updated --> Processing Dependency: sbcl = 1.0.9 for package: maxima-runtime-sbcl ---> Package maxima-gui.i386 0:5.13.0-6.fc8 set to be updated --> Running transaction check ---> Package gnuplot.i386 0:4.2.0-5.fc8 set to be updated --> Processing Dependency: perl(HTML::Entities) for package: gnuplot ---> Package sbcl.i386 0:1.0.9-1.fc8 set to be updated ---> Package wxGTK.i386 0:2.8.4-6.fc8 set to be updated --> Running transaction check ---> Package perl-HTML-Parser.i386 0:3.56-2.fc8 set to be updated --> Processing Dependency: perl(HTML::Tagset) >= 3.03 for package: perl-HTML-Parser --> Processing Dependency: perl(HTML::Tagset) for package: perl-HTML-Parser --> Running transaction check ---> Package perl-HTML-Tagset.noarch 0:3.10-6.fc8 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: maxima-gui i386 5.13.0-6.fc8 development 365 k wxMaxima i386 0.7.2-4.fc8 development 524 k Installing for dependencies: gnuplot i386 4.2.0-5.fc8 development 1.6 M maxima i386 5.13.0-6.fc8 development 14 M maxima-runtime-sbcl i386 5.13.0-6.fc8 development 13 M perl-HTML-Parser i386 3.56-2.fc8 development 111 k perl-HTML-Tagset noarch 3.10-6.fc8 development 15 k sbcl i386 1.0.9-1.fc8 development 9.0 M wxGTK i386 2.8.4-6.fc8 development 4.4 M Transaction Summary ============================================================================= Install 9 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 43 M Is this ok [y/N]: y Downloading Packages: (1/9): maxima-runtime-sbc 100% |=========================| 13 MB 00:06 (2/9): perl-HTML-Tagset-3 100% |=========================| 15 kB 00:00 (3/9): wxGTK-2.8.4-6.fc8. 100% |=========================| 4.4 MB 00:03 (4/9): maxima-5.13.0-6.fc 100% |=========================| 14 MB 00:07 (5/9): sbcl-1.0.9-1.fc8.i 100% |=========================| 9.0 MB 00:06 (6/9): maxima-gui-5.13.0- 100% |=========================| 365 kB 00:00 (7/9): perl-HTML-Parser-3 100% |=========================| 111 kB 00:00 (8/9): wxMaxima-0.7.2-4.f 100% |=========================| 524 kB 00:00 (9/9): gnuplot-4.2.0-5.fc 100% |=========================| 1.6 MB 00:01 Running rpm_check_debug Running Transaction Test warning: perl-HTML-Parser-3.56-2.fc8: Header V3 DSA signature: NOKEY, key ID 30c9ecf8 Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: wxGTK ######################### [1/9] Installing: sbcl ######################### [2/9] Installing: perl-HTML-Tagset ######################### [3/9] Installing: perl-HTML-Parser ######################### [4/9] Installing: gnuplot ######################### [5/9] Installing: maxima ######################### [6/9] Installing: wxMaxima ######################### [7/9] Installing: maxima-gui ######################### [8/9] Installing: maxima-runtime-sbcl ######################### [9/9] Installed: maxima-gui.i386 0:5.13.0-6.fc8 wxMaxima.i386 0:0.7.2-4.fc8 Dependency Installed: gnuplot.i386 0:4.2.0-5.fc8 maxima.i386 0:5.13.0-6.fc8 maxima-runtime-sbcl.i386 0:5.13.0-6.fc8 perl-HTML-Parser.i386 0:3.56-2.fc8 perl-HTML-Tagset.noarch 0:3.10-6.fc8 sbcl.i386 0:1.0.9-1.fc8 wxGTK.i386 0:2.8.4-6.fc8 Complete! [root@localhost ~]# exit logout [olivares@localhost ~]$ maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [olivares@localhost ~]$ xmaxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [olivares@localhost ~]$ [olivares@localhost ~]$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 8175 max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 8175 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited [olivares@localhost ~]$ maxima mmap: Permission denied ensure_space: failed to validate 1044480 bytes at 0x01000000 (hint: Try "ulimit -a"; maybe you should increase memory limits.) [olivares@localhost ~]$ Thanks for your help. Regards, Antonio
BTW on this other machine which I just installed maxima, I forgot to try the runcon command and here it is [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima execvp: No such file or directory [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima execvp: No such file or directory [root@localhost ~]# I got an alert from setroubleshoot browser as follows: Summary SELinux is preventing /usr/bin/sbcl from changing a writable memory segment executable. Detailed Description The /usr/bin/sbcl application attempted to change the access protection of memory (e,g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. If /usr/bin/sbcl does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/bin/sbcl to run correctly, you can change the context of the executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t /usr/bin/sbcl". You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t /usr/bin/sbcl" The following command will allow this access: chcon -t unconfined_execmem_exec_t /usr/bin/sbcl Additional Information Source Context system_u:system_r:unconfined_t:s0 Target Context system_u:system_r:unconfined_t:s0 Target Objects None [ process ] Affected RPM Packages sbcl-1.0.9-1.fc8 [application] Policy RPM selinux-policy-3.0.8-3.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execmem Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.23-0.189.rc6.git8.fc8 #1 SMP Wed Sep 19 20:34:10 EDT 2007 i686 i686 Alert Count 3 First Seen Fri 21 Sep 2007 06:22:42 PM CDT Last Seen Fri 21 Sep 2007 06:24:04 PM CDT Local ID 21b2f0ab-dd92-443f-91a7-a2eeb6d06678 Line Numbers Raw Audit Messages avc: denied { execmem } for comm=sbcl egid=500 euid=500 exe=/usr/bin/sbcl exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=10912 scontext=system_u:system_r:unconfined_t:s0 sgid=500 subj=system_u:system_r:unconfined_t:s0 suid=500 tclass=process tcontext=system_u:system_r:unconfined_t:s0 tty=pts1 uid=500 I did the following and maxima now works, part of it at least(as root): [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima execvp: No such file or directory [root@localhost ~]# chcon -t unconfined_execmem_exec_t /usr/bin/sbcl [root@localhost ~]# semanage fcontext -a -t unconfined_execmem_exec_t /usr/bin/sbcl [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima execvp: No such file or directory [root@localhost ~]# maxima Maxima 5.13.0 http://maxima.sourceforge.net Using Lisp SBCL 1.0.9 Distributed under the GNU Public License. See the file COPYING. Dedicated to the memory of William Schelter. This is a development version of Maxima. The function bug_report() provides bug reporting information. (%i1) solve(x^2+2*x+1=0,x); (%o1) [x = - 1] (%i2) quit(); [root@localhost ~]# So things are looking brighter. xmaxima works as root user also: [root@localhost ~]# xmaxima Maxima 5.13.0 http://maxima.sourceforge.net Using Lisp SBCL 1.0.9 Distributed under the GNU Public License. See the file COPYING. Dedicated to the memory of William Schelter. This is a development version of Maxima. The function bug_report() provides bug reporting information. (%i1) jfa: starting server on port 4008 Help! 11 nested errors. SB-KERNEL:*MAXIMUM-ERROR-DEPTH* exceeded. 0: (BACKTRACE 536870911 #<SYNONYM-STREAM :SYMBOL SB-SYS:*TTY* {C38B8D1}>) 1: ((LAMBDA NIL)) 2: ((LAMBDA NIL)) 3: (SB-IMPL::%WITH-STANDARD-IO-SYNTAX #<CLOSURE (LAMBDA NIL) {C38B9ED}>) 4: (SB-IMPL::ERROR-ERROR) 5: (SB-IMPL::INFINITE-ERROR-PROTECTOR) 6: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 7: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 8: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 9: (SB-IMPL::OUTPUT-CHAR-UTF-8-LINE-BUFFERED #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> #\Newline) 10: (TERPRI #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 11: ((LAMBDA NIL)) 12: ((LAMBDA NIL)) 13: (SB-IMPL::%WITH-STANDARD-IO-SYNTAX #<CLOSURE (LAMBDA NIL) {C38B02D}>) 14: (SB-IMPL::ERROR-ERROR) 15: (SB-IMPL::INFINITE-ERROR-PROTECTOR) 16: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 17: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 18: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 19: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 20: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 21: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AEE1}>) 22: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AEE1}>) 23: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 24: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 25: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 26: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 27: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 28: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AD89}>) 29: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AD89}>) 30: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 31: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 32: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 33: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 34: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 35: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AC31}>) 36: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AC31}>) 37: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 38: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 39: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 40: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 41: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 42: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AAD9}>) 43: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38AAD9}>) 44: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 45: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 46: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 47: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 48: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 49: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A981}>) 50: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A981}>) 51: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 52: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 53: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 54: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 55: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 56: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A829}>) 57: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A829}>) 58: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 59: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 60: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 61: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 62: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 63: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A6D1}>) 64: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A6D1}>) 65: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 66: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 67: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 68: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 69: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 70: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A579}>) 71: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A579}>) 72: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 73: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 74: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 75: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 76: (SB-INT:FLUSH-STANDARD-OUTPUT-STREAMS) 77: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A421}>) 78: (INVOKE-DEBUGGER #<SB-INT:SIMPLE-STREAM-ERROR {C38A421}>) 79: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 80: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 81: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 82: (SB-IMPL::OUTPUT-CHAR-UTF-8-LINE-BUFFERED #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> #\Newline) 83: (FRESH-LINE #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 84: (SB-FORMAT::&-FORMAT-DIRECTIVE-INTERPRETER #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> #<~&> ("Maxima encountered a Lisp error:" #<~%> #<~%> " " #<~A>) #<unavailable argument> #<unavailable argument>) 85: (SB-FORMAT::INTERPRET-DIRECTIVE-LIST #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> (#<~&> "Maxima encountered a Lisp error:" #<~%> #<~%> " " #<~A>) (#<SIMPLE-ERROR {C389EE1}>) (#<SIMPLE-ERROR {C389EE1}>)) 86: (SB-FORMAT::%FORMAT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> "~&Maxima encountered a Lisp error:~%~% ~A" (#<SIMPLE-ERROR {C389EE1}>) (#<SIMPLE-ERROR {C389EE1}>)) 87: (FORMAT T "~&Maxima encountered a Lisp error:~%~% ~A") 88: (MAXIMA::MAXIMA-LISP-DEBUGGER #<SIMPLE-ERROR {C389EE1}> #<unavailable argument>) 89: (INVOKE-DEBUGGER #<SIMPLE-ERROR {C389EE1}>) 90: (INVOKE-DEBUGGER #<SIMPLE-ERROR {C389EE1}>) 91: (ERROR "Error during processing of --eval ~ option ~S:~%~% ~A") 92: ((LAMBDA (SB-IMPL::E)) #<SB-INT:SIMPLE-STREAM-ERROR {C389BF9}>) 93: ((LAMBDA (SB-IMPL::E)) #<SB-INT:SIMPLE-STREAM-ERROR {C389BF9}>) 94: (SIGNAL #<SB-INT:SIMPLE-STREAM-ERROR {C389BF9}>) 95: (ERROR SB-INT:SIMPLE-STREAM-ERROR) 96: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 97: (SB-IMPL::SIMPLE-STREAM-PERROR "Couldn't write to ~s" #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> 32) 98: (FORCE-OUTPUT #<SB-SYS:FD-STREAM for "a socket" {C2F6249}>) 99: (MAXIMA::DBM-READ #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> NIL (NIL) NIL) 100: (MAXIMA::CONTINUE #<SB-SYS:FD-STREAM for "a socket" {C2F6249}> NIL) 101: (MAXIMA::MACSYMA-TOP-LEVEL #<SB-IMPL::STRING-INPUT-STREAM {BABE181}> NIL) 102: (RUN) 103: (SB-INT:SIMPLE-EVAL-IN-LEXENV (RUN) #<NULL-LEXENV>) 104: (SB-IMPL::PROCESS-EVAL-OPTIONS ("(cl-user::run)")) 105: (SB-IMPL::TOPLEVEL-INIT) 106: ((LABELS SB-IMPL::RESTART-LISP)) debugger invoked on a SIMPLE-ERROR in thread #<THREAD "initial thread" {BA8FAA9}>: Maximum error nesting depth exceeded Type HELP for debugger help, or (SB-EXT:QUIT) to exit from SBCL. restarts (invokable by number or by possibly-abbreviated name): 0: [MACSYMA-QUIT] Maxima top-level 1: [CONTINUE ] Ignore and continue with next --eval option. 2: [ABORT ] Skip rest of --eval options. 3: Skip to toplevel READ/EVAL/PRINT loop. 4: [QUIT ] Quit SBCL (calling #'QUIT, killing the process). ((LAMBDA (SB-IMPL::E)) #<SB-INT:SIMPLE-STREAM-ERROR {C389BF9}>) 0] [root@localhost ~]# Now will try as regular user and report back.
Now xmaxima is running as regular user as well: (%i1) 2 x - 1 2 atan(-------) log(x - x + 1) sqrt(3) log(x + 1) (%o1) - --------------- + ------------- + ---------- 6 sqrt(3) 3 (%i2) 2 x - 1 2 atan(-------) log(x - x + 1) sqrt(3) log(x + 1) (%o2) --------------- + ------------- - ---------- 6 sqrt(3) 3 (%i3) %pi (%o3) --- 4 (%i4) [olivares@localhost ~]$ Maxima 5.13.0 http://maxima.sourceforge.net Using Lisp SBCL 1.0.9 Distributed under the GNU Public License. See the file COPYING. Dedicated to the memory of William Schelter. This is a development version of Maxima. The function bug_report() provides bug reporting information. (%i1) jfa: starting server on port 4008 Will try these changes to other machine and see if it helps. This machine appear to have squashed maxima/xmaxima error. Regards, Antonio
On the machine with the original problem http://smolt.fedoraproject.org/show?UUID=5e80274b-13b0-455b-b557-d05b0170dcfc I have done this: [root@localhost ~]# chcon -t unconfined_execmem_exec_t /usr/bin/sbcl [root@localhost ~]# semanage fcontext -a -t unconfined_execmem_exec_t /usr/bin/sbcl [root@localhost ~]# runcon -t unconfined_execmem_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Segmentation fault I got the alert: Summary SELinux is preventing /usr/lib/maxima/5.13.0/binary-gcl/maxima from loading /usr/lib/maxima/5.13.0/binary-gcl/maxima which requires text relocation. Detailed Description The /usr/lib/maxima/5.13.0/binary-gcl/maxima application attempted to load /usr/lib/maxima/5.13.0/binary-gcl/maxima which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/maxima/5.13.0/binary-gcl/maxima to use relocation as a workaround, until the library is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access If you trust /usr/lib/maxima/5.13.0/binary-gcl/maxima to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t /usr/lib/maxima/5.13.0 /binary-gcl/maxima" The following command will allow this access: chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima Additional Information Source Context system_u:system_r:unconfined_execmem_t Target Context system_u:object_r:unconfined_execmem_exec_t Target Objects /usr/lib/maxima/5.13.0/binary-gcl/maxima [ file ] Affected RPM Packages maxima-runtime-gcl-5.13.0-6.fc8 [application ]maxima-runtime-gcl-5.13.0-6.fc8 [target] Policy RPM selinux-policy-3.0.8-3.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.allow_execmod Host Name localhost Platform Linux localhost 2.6.23-0.189.rc6.git8.fc8 #1 SMP Wed Sep 19 20:34:10 EDT 2007 i686 athlon Alert Count 8 First Seen Wed 12 Sep 2007 10:25:51 AM CDT Last Seen Fri 21 Sep 2007 06:43:46 PM CDT Local ID d5f20c6c-774f-4f65-bc5c-90e2658d4c3d Line Numbers Raw Audit Messages avc: denied { execmod } for comm=maxima dev=dm-0 egid=0 euid=0 exe=/usr/lib/maxima/5.13.0/binary-gcl/maxima exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/usr/lib/maxima/5.13.0/binary-gcl/maxima pid=6874 scontext=system_u:system_r:unconfined_execmem_t:s0 sgid=0 subj=system_u:system_r:unconfined_execmem_t:s0 suid=0 tclass=file tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tty=pts0 uid=0 Applied the requirements [root@localhost ~]# chcon -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima [root@localhost ~]# semanage fcontext -a -t textrel_shlib_t /usr/lib/maxima/5.13.0/binary-gcl/maxima [root@localhost ~]# maxima Maxima 5.13.0 http://maxima.sourceforge.net Using Lisp SBCL 1.0.9 Distributed under the GNU Public License. See the file COPYING. Dedicated to the memory of William Schelter. This is a development version of Maxima. The function bug_report() provides bug reporting information. (%i1) solve(x^3+7*x^2+7*x-1;x); Incorrect syntax: Missing ) (%i1) Incorrect syntax: Too many )'s (%i1) Incorrect syntax: Premature termination of input at ;. (%i1) solve(x^3+7*x^2+7*x-1,x); sqrt(3) %i 1 - 3/2 109 1/3 (%o1) [x = (- ---------- - -) (3 sqrt(373) %i - ---) 2 2 27 sqrt(3) %i 1 28 (---------- - -) 2 2 7 + -------------------------------- - -, - 3/2 109 1/3 3 9 (3 sqrt(373) %i - ---) 27 sqrt(3) %i 1 - 3/2 109 1/3 x = (---------- - -) (3 sqrt(373) %i - ---) 2 2 27 sqrt(3) %i 1 28 (- ---------- - -) 2 2 7 + -------------------------------- - -, - 3/2 109 1/3 3 9 (3 sqrt(373) %i - ---) 27 - 3/2 109 1/3 28 7 x = (3 sqrt(373) %i - ---) + -------------------------------- - -] 27 - 3/2 109 1/3 3 9 (3 sqrt(373) %i - ---) 27 (%i2) xmaxima works! and I have installed wxMaxima as well and it is also working. [olivares@localhost ~]$ wxmaxima bash: wxmaxima: command not found [olivares@localhost ~]$ su - Password: [root@localhost ~]# yum install wxMaxima Loading "skip-broken" plugin Loading "refresh-updatesd" plugin development 100% |=========================| 2.1 kB 00:00 texlive 100% |=========================| 951 B 00:00 Setting up Install Process Parsing package install arguments Resolving Dependencies --> Running transaction check ---> Package wxMaxima.i386 0:0.7.2-4.fc8 set to be updated --> Processing Dependency: libwx_gtk2u_core-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_gtk2u_adv-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_gtk2u_xrc-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_adv-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_core-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu_net-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_gtk2u_aui-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_html-2.8.so.0(WXU_2.8) for package: wxMaxima --> Processing Dependency: libwx_baseu-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu_xml-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_qa-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_gtk2u_html-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu_net-2.8.so.0 for package: wxMaxima --> Processing Dependency: libwx_baseu-2.8.so.0(WXU_2.8) for package: wxMaxima --> Running transaction check ---> Package wxGTK.i386 0:2.8.4-6.fc8 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: wxMaxima i386 0.7.2-4.fc8 development 524 k Installing for dependencies: wxGTK i386 2.8.4-6.fc8 development 4.4 M Transaction Summary ============================================================================= Install 2 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 4.9 M Is this ok [y/N]: y Downloading Packages: (1/2): wxGTK-2.8.4-6.fc8. 100% |=========================| 4.4 MB 00:02 (2/2): wxMaxima-0.7.2-4.f 100% |=========================| 524 kB 00:00 Running rpm_check_debug Running Transaction Test warning: wxGTK-2.8.4-6.fc8: Header V3 DSA signature: NOKEY, key ID 30c9ecf8 Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: wxGTK ######################### [1/2] Installing: wxMaxima ######################### [2/2] Installed: wxMaxima.i386 0:0.7.2-4.fc8 Dependency Installed: wxGTK.i386 0:2.8.4-6.fc8 Complete! it works as regular user: (%i2) wxplot2d([x^2], [x,-5,5], [gnuplot_preamble, "set grid;"])$Maxima encountered a Lisp error: Error during processing of --eval option "(cl-user::run)": c-string decoding error (:external-format :UTF-8): the octet sequence 1 cannot be decoded.Automatically continuing.To reenable the Lisp debugger set *debugger-hook* to nil.(%i3) solve([x^2+5x-6], [x]);Incorrect syntax: X is not an infix operatorsolve([x^2+5x- ^(%i3) solve([x^2+5*x+6], [x]); (%o3) [x=-3,x=-2](%i4) This bug appears to be fixed. Now I guess it is your call. There are other bugs. Will get to them later. Regards, Antonio
Ok I am changing /usr/bin/sbcl -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) And /usr/lib/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0) fixed in selinux-policy-3.0.8-11
confirmed, works as advertised.