Description of problem: Zimbra desktop 2 beta 4 doesn't start on computer, you get the prism window, but after lots of time, it fails Version-Release number of selected component (if applicable): selinux-policy-targeted-3.7.19-47.fc13.noarch How reproducible: Start zimbra desktop and wait to fail Actual results: Zimbra doesn't start Expected results: Zimbra should start as it does with 'setenforce 0' Additional info: This is setroubleshoot alert 'copy to clipboard' contents: Resúmen: SELinux está negando a /opt/zimbra/zdesktop/linux/prism/zdclient "execmod" acceder a /opt/zimbra/zdesktop/linux/prism/xulrunner/libxul.so. Descripción Detallada: [SELinux esta en modo permisivo. Este acceso no fue denegado.] SELinux denied access requested by /opt/zimbra/zdesktop/linux/prism/zdclient. /opt/zimbra/zdesktop/linux/prism/zdclient is mislabeled. /opt/zimbra/zdesktop/linux/prism/zdclient default SELinux type is usr_t, but its current type is usr_t. Changing this file back to the default type, may fix your problem. If you believe this is a bug, please file a bug report against this package. Permitiendo Acceso: You can restore the default system context to this file by executing the restorecon command. restorecon '/opt/zimbra/zdesktop/linux/prism/zdclient'. Comando para Corregir: /sbin/restorecon '/opt/zimbra/zdesktop/linux/prism/zdclient' Información Adicional: Contexto Fuente unconfined_u:unconfined_r:unconfined_t:s0 Contexto Destino system_u:object_r:lib_t:s0 Objetos Destino /opt/zimbra/zdesktop/linux/prism/xulrunner/libxul. so [ file ] Fuente zdclient Dirección de Fuente /opt/zimbra/zdesktop/linux/prism/zdclient Puerto <Desconocido> Nombre de Equipo mine Paquetes RPM Fuentes Paquetes RPM Destinos RPM de Políticas selinux-policy-3.7.19-47.fc13 SELinux Activado True Tipo de Política targeted Modo Obediente Permissive Nombre de Plugin restore_source_context Nombre de Equipo mine Plataforma Linux mine 2.6.33.6-147.2.4.fc13.i686 #1 SMP Fri Jul 23 17:27:40 UTC 2010 i686 i686 Cantidad de Alertas 3 Visto por Primera Vez mié 18 ago 2010 08:10:49 CEST Visto por Última Vez jue 19 ago 2010 08:18:16 CEST ID Local e3b7374f-e324-4b62-957a-549c59a4c7ec Números de Línea Mensajes de Auditoría Crudos node=mine type=AVC msg=audit(1282198696.317:57): avc: denied { execmod } for pid=4558 comm="zdclient" path="/opt/zimbra/zdesktop/linux/prism/xulrunner/libxul.so" dev=dm-1 ino=485003 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file node=mine type=SYSCALL msg=audit(1282198696.317:57): arch=40000003 syscall=125 success=yes exit=0 a0=d86000 a1=1195000 a2=5 a3=bf8cdc80 items=0 ppid=1 pid=4558 auid=11356 uid=11356 gid=11356 euid=11356 suid=11356 fsuid=11356 egid=11356 sgid=11356 fsgid=11356 tty=(none) ses=2 comm="zdclient" exe="/opt/zimbra/zdesktop/linux/prism/zdclient" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
The alert tells you what to do, or you can turn this check off altogether. # setsebool -P allow_execmod 1
Daniel, I've opened the bug because in the past, an updated policy fixed alerts for previous betas (afaik it was on F13 alpha). Should I report it against Zimbra product bugzilla? Thanks Pablo
I guess if they used the standard location it would have worked. Then it would have gotten the correct context. > rpm -qf /usr/lib64/xulrunner-1.9.2/libxul.so xulrunner-1.9.2.4-1.fc14.x86_64 And this version is built correctly not requiring the execmod. ls -lZ /usr/lib64/xulrunner-1.9.2/libxul.so -rwxr-xr-x. root root system_u:object_r:lib_t:s0 /usr/lib64/xulrunner-1.9.2/libxul.so
Opened the bug in Zimbra bugzilla as: https://bugzilla.zimbra.com/show_bug.cgi?id=50815 Thanks
Bug 'fixed' on Zimbra desktop as per: https://bugzilla.zimbra.com/show_bug.cgi?id=50394 Thanks Pablo