Summary: SELinux is preventing midori from loading /usr/lib/midori/libcolorful-tabs.so which requires text relocation. Detailed Description: The midori application attempted to load /usr/lib/midori/libcolorful-tabs.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/midori/libcolorful-tabs.so to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you trust /usr/lib/midori/libcolorful-tabs.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/midori/libcolorful-tabs.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/midori/libcolorful-tabs.so'" Fix Command: chcon -t textrel_shlib_t '/usr/lib/midori/libcolorful-tabs.so' Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context system_u:object_r:lib_t:s0 Target Objects /usr/lib/midori/libcolorful-tabs.so [ file ] Source midori Source Path /usr/bin/midori Port <Unknown> Host localhost.localdomain Source RPM Packages midori-0.1.5-1.fc11 Target RPM Packages midori-0.1.5-1.fc11 Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_execmod Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.29.4-167.fc11.i586 #1 SMP Wed May 27 17:14:37 EDT 2009 i686 i686 Alert Count 1 First Seen Wed 10 Jun 2009 09:35:58 PM BST Last Seen Wed 10 Jun 2009 09:35:58 PM BST Local ID 69411c02-b573-4fe0-bd7e-d64b5adbc4bf Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1244666158.223:62): avc: denied { execmod } for pid=11878 comm="midori" path="/usr/lib/midori/libcolorful-tabs.so" dev=sda7 ino=75991 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1244666158.223:62): arch=40000003 syscall=125 success=no exit=-13 a0=4a3000 a1=a000 a2=5 a3=bfc08c70 items=0 ppid=1 pid=11878 auid=501 uid=501 gid=502 euid=501 suid=501 fsuid=501 egid=502 sgid=502 fsgid=502 tty=(none) ses=1 comm="midori" exe="/usr/bin/midori" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
i get the same error about /usr/lib/midori/libmouse-gestures.so /usr/lib/midori/libtab-panel.so /usr/lib/midori/libstatusbar-features.so /usr/lib/midori/libpage-holder.so
Please report this as a bug to the midori people to build their shared libraries with -PIC flag. Badly built libraries can cause the access. Include this link http://people.redhat.com/drepper/selinux-mem.html chcon -t textrel_shlib_t '/usr/lib/midori/*so*' Should fix the labels for now and allow this to work. I will update selinux policy to add this label.
Fixed in selinux-policy-3.6.12-49.fc11