Bug 815697 - Adobe Reader not working
Adobe Reader not working
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 815787 815852
  Show dependency treegraph
 
Reported: 2012-04-24 05:52 EDT by Susi Lehtola
Modified: 2012-04-24 15:07 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 815787 815852 (view as bug list)
Environment:
Last Closed: 2012-04-24 10:06:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Susi Lehtola 2012-04-24 05:52:31 EDT
Adobe Reader is not working in Fedora 17.

$ acroread
/opt/Adobe/Reader9/Reader/intellinux/bin/acroread: error while loading shared libraries: libcrypto.so.0.9.8: cannot enable executable stack as shared object requires: Permission denied

$ ls -lhZ /opt/Adobe/Reader9/Reader/intellinux/bin/
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       acroread
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       SynchronizerApp
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       SynchronizerApp-binary
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-desktop-icon
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-desktop-menu
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-email
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-icon-resource
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-mime
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-open
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-user-dir
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-user-dirs-update

Strangely, chcon does not seem to have any effect:

$ sudo chcon -t execmem_exec_t /opt/Adobe/Reader9/Reader/intellinux/bin/acroread
$ ls -lhZ /opt/Adobe/Reader9/Reader/intellinux/bin/
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       acroread
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       SynchronizerApp
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       SynchronizerApp-binary
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-desktop-icon
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-desktop-menu
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-email
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-icon-resource
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-mime
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-open
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-user-dir
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       xdg-user-dirs-update
Comment 1 Miroslav Grepl 2012-04-24 10:06:41 EDT
Did you see sealert to this issue? If not, try to check it. It will tell you what to do.

basically you can try to clear execstack flag or change a label.
Comment 2 Susi Lehtola 2012-04-24 12:18:20 EDT
sealert advises to use execstack, to set allow_execstack, or to report a bug.

Acroread works after installing the generated SELinux module file.
Comment 3 Daniel Walsh 2012-04-24 14:18:50 EDT
Did you try to see if Adobe has shipped an executable that is marked as needing execstack even though it does not?
Comment 4 Daniel Walsh 2012-04-24 14:19:49 EDT
You would be more secure without turning on the allow_execstack boolean, but sadly there are lots of apps that mistakenly think they need it or some that actually do.
Comment 5 Susi Lehtola 2012-04-24 15:07:01 EDT
(In reply to comment #4)
> You would be more secure without turning on the allow_execstack boolean, but
> sadly there are lots of apps that mistakenly think they need it or some that
> actually do.

I installed the module file generated with sealert's help (in the bug report section), so I didn't turn the boolean on.

Note You need to log in before you can comment on or make changes to this bug.