Bug 327511 - Geomview needs SELinux stuffs
Geomview needs SELinux stuffs
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: geomview (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: Rex Dieter
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-11 07:41 EDT by Laurent Rineau
Modified: 2008-01-09 08:35 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-09 08:31:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Execstack selinux alert about geomview. (3.09 KB, text/plain)
2007-10-11 07:41 EDT, Laurent Rineau
no flags Details
execmem selinux alter about geomview (2.62 KB, text/plain)
2007-10-11 07:42 EDT, Laurent Rineau
no flags Details

  None (edit)
Description Laurent Rineau 2007-10-11 07:41:03 EDT
Hi Rex,

It seems that Geomview needs some selinux special permissions. I am running 
rawhide with SELinux in "permissive" mode. The new applet sealert is alerting 
me that Geomview does bad stuffs. I will attach two alert log files...

Version-Release number of selected component (if applicable):
lrineau@schtroumpf ~ $ rpm -qa \*geomview\* \*selinux\* | sort
geomview-1.9.4-4.fc8
libselinux-2.0.37-1.fc8
libselinux-devel-2.0.37-1.fc8
libselinux-python-2.0.37-1.fc8
selinux-policy-3.0.8-18.fc8
selinux-policy-targeted-3.0.8-18.fc8

How reproducible:
Launch geomview, with /usr/sbin/setroubleshootd and /usr/bin/sealert running.
Comment 1 Laurent Rineau 2007-10-11 07:41:03 EDT
Created attachment 224211 [details]
Execstack selinux alert about geomview.
Comment 2 Laurent Rineau 2007-10-11 07:42:07 EDT
Created attachment 224221 [details]
execmem selinux alter about geomview
Comment 3 Laurent Rineau 2007-10-11 07:44:05 EDT
I know almost nothing about SELinux. I activated the "permissive" mode 
(instead of "disabled") to see what it does.

Maybe there is a SELinux SIG that could help you with that bug. The alert log 
files seem to propose a solution, anyway.
Comment 4 Rex Dieter 2007-11-28 10:27:21 EST
I'm unable to reproduce this running in targetted/enforcing mode.  

Was this a clean install or upgrade?
Can you confirm whether this issue still exists?

If so, try forcing a relabel
touch /.autorelabel
and reboot
and see if problem persists.
Comment 5 Laurent Rineau 2008-01-09 08:31:48 EST
(In reply to comment #4)
> I'm unable to reproduce this running in targetted/enforcing mode.  
> 
> Was this a clean install or upgrade?
> Can you confirm whether this issue still exists?

Sorry for my long silence. I have defended my Ph.D thesis (successfully), then 
got hollydays, then got a new job.

It was a F8, upgraded from a F8t3. Yesterday I reactived SELinux in permissive 
mode, which triggered the relabelling of my filesystem. What is more, packages 
have been upgraded:
lrineau@schtroumpf ~ $ rpm -qa \*geomview\* \*selinux\* | sort
geomview-1.9.4-5.fc8
libselinux-2.0.43-1.fc8
libselinux-devel-2.0.43-1.fc8
libselinux-python-2.0.43-1.fc8
selinux-policy-3.0.8-73.fc8
selinux-policy-devel-3.0.8-73.fc8
selinux-policy-mls-3.0.8-72.fc8

I am not longer able to reproduce the bug. The upgrading of packages or the 
relabelling have fixed it.
Comment 6 Rex Dieter 2008-01-09 08:35:21 EST
thx.
Comment 7 Rex Dieter 2008-01-09 08:35:48 EST
oh, and congrats, by the way. :)

Note You need to log in before you can comment on or make changes to this bug.