Description of problem: Cannot open MATLAB R2008a unless I override specific selinux settings. Version-Release number of selected component (if applicable): MATLAB R2008a, redhat EL5.3 How reproducible: Any time I try to open Matlab Steps to Reproduce: 1. open terminal window and go to csh 2. setenv MATLAB_JAVA /usr/local/matlab2008a/sys/java/jre/glnxa64/jre1.6.0_07 3. type matlab Actual results: SELinux is preventing MATLAB from loading /usr/local/matlab2008a/bin/glnxa64/libguide.so which requires text relocation. Matlab doesn't open Expected results: Matlab should open Additional info: I copied from selinux warning window; setroubleshoot browser: SELinux is preventing MATLAB from loading /usr/local/matlab2008a/bin/glnxa64/libguide.so which requires text relocation. Detailed DescriptionThe MATLAB application attempted to load /usr/local/matlab2008a/bin/glnxa64/libguide.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/local/matlab2008a/bin/glnxa64/libguide.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package. Allowing AccessIf you trust /usr/local/matlab2008a/bin/glnxa64/libguide.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/local/matlab2008a/bin/glnxa64/libguide.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/local/matlab2008a/bin/glnxa64/libguide.so'" The following command will allow this access:chcon -t textrel_shlib_t '/usr/local/matlab2008a/bin/glnxa64/libguide.so'Additional InformationSource Context: user_u:system_r:java_t:SystemLow-SystemHighTarget Context: system_u:object_r:lib_tTarget Objects: /usr/local/matlab2008a/bin/glnxa64/libguide.so [ file ]Source: MATLABSource Path: /usr/local/matlab2008a/bin/glnxa64/MATLAB ort: <Unknown>Host: ren.usno.navy.milSource RPM Packages: Target RPM Packages: Policy RPM: selinux-policy-2.4.6-203.el5Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: allow_execmodHost Name: ren.usno.navy.milPlatform: Linux ren.usno.navy.mil 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86_64Alert Count: 6First Seen: Thu 05 Feb 2009 05:53:52 PM ESTLast Seen: Mon 23 Feb 2009 08:48:44 AM ESTLocal ID: ab564cf8-23fb-4ce8-b587-0b3094ce355bLine Numbers: Raw Audit Messages :host=ren.usno.navy.mil type=AVC msg=audit(1235396924.278:179621): avc: denied { execmod } for pid=21410 comm="MATLAB" path="/usr/local/matlab2008a/bin/glnxa64/libguide.so" dev=dm-3 ino=787593 scontext=user_u:system_r:java_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file host=ren.usno.navy.mil type=SYSCALL msg=audit(1235396924.278:179621): arch=c000003e syscall=10 success=no exit=-13 a0=2ae526989000 a1=59000 a2=5 a3=2ae52698fc88 items=0 ppid=21297 pid=21410 auid=503 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=pts2 ses=537 comm="MATLAB" exe="/usr/local/matlab2008a/bin/glnxa64/MATLAB" subj=user_u:system_r:java_t:s0-s0:c0.c1023 key=(null)
Execute the chcon command as suggested to allow your app to work chcon -t textrel_shlib_t /usr/local/matlab2008a/bin/glnxa64/*.so I will make this the default labeling in RHEL5.4 Fixed in selinux-policy-2.4.6-215.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1242.html