Eric Brunson wrote:
With the latest upgrade of the kernel (2.6.16-1.2080_FC5) my Citrix
client stopped working. Booting into the previous kernel
(2.6.15-1.2054_FC5) will allow me to run it, but in the current kernel
on two machines it segfaults, on the machine I'm on now it gives this
error:
clotho(~)$ /usr/lib/ICAClient/wfica -icaroot /usr/lib/ICAClient
-nosplash -desc hemo1
Error: 75 (E_DYNLOAD_FAILED)
Please refer to the documentation.
Error loading dynamic module:
"/usr/lib/ICAClient/CHARICONV.DLL"
/usr/lib/ICAClient/CHARICONV.DLL: cannot restore segment prot after
reloc: Permission denied
The "Permission denied" led me to try disabling selinux enforcement,
which allowed it to run again. Is there enough information in the
message above for someone to speculate on a policy change that will
allow that dll to load?
chcon -t texrel_shlib_t /usr/lib/ICAClient/CHARICONV.DLL did the trick
on that library, but now I get a popup that it can't find libctxssl.so,
which is in the same directory, /usr/lib/ICACLIENT. I tried adding
"/usr/lib/ICAClient/" to the ld.so.conf and running ldconfig, but it
still claims to be unable to find the .so file. Again, setenforce 0
allows the application to run properly, but setenforce 1 causes the
failure, even though libctxssl.so shows up in ldconfig -p.
Is there something in SELinux policies that interferes with ld.so
searching? Google hasn't turned anything up yet, but I'm still looking.
Thanks,
e.
