Description of problem: SELinux prevents Google Earth from start after install. Unsure if this is a bug with SELinux or with Google Earth, but bug report link from SELinux linked here. Version-Release number of selected component (if applicable): Unknown, unable to start googleearth to find out How reproducible: Easily. Requires install of Google Earth. Steps to Reproduce: 1. Open Terminal 2. wget http://dl.google.com/earth/client/current/GoogleEarthLinux.bin 3. sh GoogleEarthLinux.bin 4. Follow install instructions 5. Start GoogleEarth after install, or try to do anything with it at all for that matter. Actual results: GoogleEarth prevented from running entirely, even to access help files. AVC Denial from SELinux. Expected results: GoogleEarth to run. Additional info: Report from SELinux: Summary: SELinux is preventing googleearth-bin from loading /opt/google-earth/libminizip.so which requires text relocation. Detailed Description: The googleearth-bin application attempted to load /opt/google-earth/libminizip.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /opt/google-earth/libminizip.so to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you trust /opt/google-earth/libminizip.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/opt/google-earth/libminizip.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/opt/google-earth/libminizip.so'" Fix Command: chcon -t textrel_shlib_t '/opt/google-earth/libminizip.so' Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0 Target Context unconfined_u:object_r:usr_t:s0 Target Objects /opt/google-earth/libminizip.so [ file ] Source googleearth-bin Source Path /opt/google-earth/googleearth-bin Port <Unknown> Host Vicki-laptop Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.5.13-38.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_execmod Host Name Vicki-laptop Platform Linux Vicki-laptop 2.6.27.9-159.fc10.i686 #1 SMP Tue Dec 16 15:12:04 EST 2008 i686 i686 Alert Count 2 First Seen Wed 21 Jan 2009 03:33:47 PM EST Last Seen Wed 21 Jan 2009 03:44:51 PM EST Local ID 0fa33577-d772-4de5-8f35-85078872b13e Line Numbers Raw Audit Messages node=Vicki-laptop type=AVC msg=audit(1232570691.203:104): avc: denied { execmod } for pid=17729 comm="googleearth-bin" path="/opt/google-earth/libminizip.so" dev=dm-0 ino=453376 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file node=Vicki-laptop type=SYSCALL msg=audit(1232570691.203:104): arch=40000003 syscall=125 success=no exit=-13 a0=1328000 a1=6000 a2=5 a3=bffe6860 items=0 ppid=7069 pid=17729 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="googleearth-bin" exe="/opt/google-earth/googleearth-bin" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
This is the bug with Google Earth. They have built their libraries incorrectly. You can get the default SELinux security context for your information: # matchpathcon /opt/google-earth/libminizip.so Execute: # restorecon -R -v /opt/google-earth/ Should fix it.