Bug 448052 - updated system on 5-22-08. kernel and openoffice updated fc7
updated system on 5-22-08. kernel and openoffice updated fc7
Status: CLOSED DUPLICATE of bug 364871
Product: Fedora
Classification: Fedora
Component: openoffice.org (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Caolan McNamara
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-05-23 02:43 EDT by Jeff Smith
Modified: 2008-05-30 08:07 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-30 08:07:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jeff Smith 2008-05-23 02:43:41 EDT
Description of problem:
updated did a full update one month after last update and it updated the kernel
and openoffice on fc7 AMD system

Version-Release number of selected component (if applicable):
openoffice.org-impress - 1:2.3.0-6.8.fc7.i386 
kernel - 
kernel-devel -
kernel-headers -
plus others

How reproducible:

Steps to Reproduce:
1. starting ooo.org presentation 
Actual results:
blocked by SELinux

Expected results:
ooo.org software not to access the memory heap.

Additional info:
Source Context:  user_u:system_r:unconfined_execmem_t
Target Context:  user_u:system_r:unconfined_execmem_t
Target Objects:  None [ process ]
Affected RPM Packages:  openoffice.org-impress-2.3.0-6.8.fc7 [application]
Policy RPM:  selinux-policy-2.6.4-70.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.allow_execheap
Host Name:  localhost.localdomain
Platform:  Linux localhost.localdomain #1 SMP Thu May 15
00:35:10 EDT 2008 i686 athlon
Alert Count:  1
First Seen:  Thu 22 May 2008 11:22:33 PM PDT
Last Seen:  Thu 22 May 2008 11:27:04 PM PDT
Local ID:  73d8dc12-f9c1-4b19-a63a-388539a4b6f9
Line Numbers:  

Raw Audit Messages :
avc: denied { execheap } for comm="simpress.bin" egid=500 euid=500
exe="/usr/lib/openoffice.org/program/simpress.bin" exit=-13 fsgid=500 fsuid=500
gid=500 items=0 pid=2958 scontext=user_u:system_r:unconfined_execmem_t:s0
sgid=500 subj=user_u:system_r:unconfined_execmem_t:s0 suid=500 tclass=process
tcontext=user_u:system_r:unconfined_execmem_t:s0 tty=(none) uid=500
Comment 1 Tomas Hoger 2008-05-23 03:04:32 EDT
Situations when SELinux policy prevents application from correct operation are
not security vulnerabilities, but rather bug in policy or application.

There does not seem to be any recent change in F7 selinux policy packages. 
Possibly some regression in kernel execmem handling code?  Have you tried
booting to previous kernel?
Comment 2 Daniel Walsh 2008-05-23 15:36:58 EDT
execheap is an unusual thing to do and is probably a bug in open office.  You
can allow this via allow_execheap boolean.
Comment 3 Caolan McNamara 2008-05-23 15:55:12 EDT
The number 1 reason to see this is having a 3rd party X driver which comes
bundled with some opengl libraries where it is *those* libraries that cause the
problem rather than a bug in openoffice.org. 

Do you have a nvidia binary driver, or something of that nature ?
Comment 4 Caolan McNamara 2008-05-24 09:50:59 EDT
So what X driver are you using ? i.e. I suspect this is a duplicate of bug 364871
Comment 5 Caolan McNamara 2008-05-30 08:07:09 EDT
I'm extraordinarily confident that this is related to some replacement opengl
libraries installed when e.g. a nvidia propitiatory driver was installed. And is
is those libraries that cause the selinux error.

*** This bug has been marked as a duplicate of 364871 ***

Note You need to log in before you can comment on or make changes to this bug.