Re: Latest Seamonkey update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jakub Jelinek wrote:

On Tue, Aug 15, 2006 at 07:30:25PM -0400, Jim Cornette wrote:

locate libxpcom_core.so
/usr/lib/firefox-1.5.0.6/libxpcom_core.so
/usr/lib/seamonkey-1.0.4/libxpcom_core.so
/usr/lib/thunderbird-1.5.0.5/libxpcom_core.so
# ls -lZ /usr/lib/firefox-1.5.0.6/libxpcom_core.so
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t
# ls -lZ /usr/lib/seamonkey-1.0.4/libxpcom_core.so
-rwxr-xr-x  root root system_u:object_r:lib_t
# ls -lZ /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t
I don't mind the browser being replaced with an individual application vs a suite of integrated applications for email, browsing and editing. I miss the missing editing feature the most.
How in the world do you get seamonkey and its corresponding .so files into the selinux fold? Or better yet, are there guidelines and assistance given to the Fedora-Extras maintainer that allow their rpms to set items to the needed SELinux content, in order to work out of the box? 

Best cure is avoid DT_TEXTREL shared libraries.  Even on the platforms
that (in a limited way) allow them, they are very costly and insecure.
See
http://people.redhat.com/drepper/textrelocs.html
for details.  If you fix it up, you don't need any special selinux policy
changes.

	Jakub
This particular library outputs the below. Running with the eu-readelf -d /usr/lib/seamonkey-1.0.4/libxpcom_core.so shows TEXTREL as blank. I don't understand anything regarding the output. I do know that SELinux does not like libxpcom_core.so I am reading the material that you posted a link to. When (or if) I grasp the concept, I'll at least follow-up on filing a bug report against the culpret.
type=AVC msg=audit(1155606650.228:25): avc: denied { execmod } for pid=2544 comm="seamonkey-bin" name="libxpcom_core.so" dev=dm-0 ino=1901000 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file 


Dynamic segment contains 34 entries:
 Addr: 0x000d0ed4  Offset: 0x0d0ed4  Link to section: [ 3] '.dynstr'
  Type              Value
  NEEDED            Shared library: [libplds4.so]
  NEEDED            Shared library: [libplc4.so]
  NEEDED            Shared library: [libnspr4.so]
  NEEDED            Shared library: [libpthread.so.0]
  NEEDED            Shared library: [libdl.so.2]
  NEEDED            Shared library: [libstdc++.so.6]
  NEEDED            Shared library: [libm.so.6]
  NEEDED            Shared library: [libgcc_s.so.1]
  NEEDED            Shared library: [libc.so.6]
  SONAME            Library soname: [libxpcom_core.so]
  INIT              0x0002160c
  FINI              0x00099fb4
  HASH              0x000000d4
  STRTAB            0x00008f74
  SYMTAB            0x00002a44
  STRSZ             56143 (bytes)
  SYMENT            16 (bytes)
  PLTGOT            0x000d109c
  PLTRELSZ          4984 (bytes)
  PLTREL            REL
  JMPREL            0x00020294
  REL               0x0001787c
  RELSZ             35352 (bytes)
  RELENT            8 (bytes)
  TEXTREL
  VERNEED           0x0001776c
  VERNEEDNUM        5
  VERSYM            0x00016ac4
  RELCOUNT          1889
  NULL
  NULL
  NULL
  NULL
  NULL
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux