Bug 392381 - SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from loading /opt/Adobe/Reader8/Browser/intellinux/nppdf.so which requires text relocation.
SELinux is preventing /usr/lib/firefox-2.0.0.5/firefox-bin from loading /opt/...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-20 09:10 EST by Daryl Hochhalter
Modified: 2008-01-30 14:06 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:06:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daryl Hochhalter 2007-11-20 09:10:05 EST
Description of problem:
The /usr/lib/firefox-2.0.0.5/firefox-bin application attempted to load
/opt/Adobe/Reader8/Browser/intellinux/nppdf.so which requires text relocation.
This is a potential security problem. Most libraries do not need this
permission. Libraries are sometimes coded incorrectly and request this
permission. The SELinux Memory Protection Tests web page explains how to remove
this requirement. You can configure SELinux temporarily to allow
/opt/Adobe/Reader8/Browser/intellinux/nppdf.so to use relocation as a
workaround, until the library is fixed. Please file a bug report against this
package.

Version-Release number of selected component (if applicable):
Source Context:  user_u:system_r:unconfined_tTarget
Context:  system_u:object_r:usr_tTarget
Objects:  /opt/Adobe/Reader8/Browser/intellinux/nppdf.so [ file ]Affected RPM
Packages:  firefox-2.0.0.5-1.fc7 [application]AdobeReader_enu-8.1.1-1
[target]Policy RPM:  selinux-policy-2.6.4-42.fc7Selinux Enabled:  TruePolicy
Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin
Name:  plugins.allow_execmodHost Name:  NS1.mapjoin.netPlatform:  Linux
NS1.mapjoin.net 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT 2007 i686
athlonAlert Count:  6First Seen:  Tue 20 Nov 2007 07:54:34 AM CSTLast Seen:  Tue
20 Nov 2007 07:54:34 AM CSTLocal ID:  65357e0f-470c-49db-88e8-69fac9eb46c5Line
Numbers:  

How reproducible:
I've had my system running without changes for some weeks now. I got the error
after turning the computer on and starting firefox.

Steps to Reproduce:
1.start firefox
2.
3.
  
Actual results:
Adobe Reader 8 blocked by selinux

Expected results:


Additional info:
Comment 1 Daniel Walsh 2007-11-26 11:25:35 EST
Fixed in selinux-policy-2.6.4-59.fc7

Do the chcon command that setroubleshoot suggests, for now.
Comment 2 Daniel Walsh 2008-01-30 14:06:50 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.