On Sun, 2006-04-09 at 20:43 +0200, Jon Ingason wrote: > Paul Howarth wrote: > > On Sun, 2006-04-09 at 11:41 +0200, Jon Ingason wrote: > > > >>Paul Smith wrote: > >> > >>>On 4/9/06, Jon Ingason <Jon.Ingason@xxxxxxxxx> wrote: > >>> > >>> > >>>>I did just software update of FC5 and got problem with acroread as follows: > >>>> > >>>>$ acroread > >>>>/usr/local/Adobe/Acrobat7.0/Reader/intellinux/bin/acroread: error while > >>>>loading shared libraries: > >>>>/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libJP2K.so: cannot > >>>>restore segment prot after reloc: Permission denied > >>>>$ > >>>> > >>>>Acroread worked before the update. I disabled the SELinux and then it > >>>>worked. What should I do to get i working with SELinux? > >>> > >>> > >>>Jon, see the thread > >>> > >>>http://marc.theaimsgroup.com/?l=fedora-list&m=114392514803711&w=2 > >>> > >>>Paul > >>> > >> > >>Yes thanks, this solved my problem. But I wandering what caused this > >>problem. I did following: > >># semanage fcontext -l|more > >>SELinux fcontext type > >>Context > >> > >>. > >>. > >>. > >>/usr/lib(64)?/libHermes\.so.* regular file > >>system_u:object_r:textrel_shlib_t:s0 > >>/usr(/.*)?/Reader/intellinux/SPPlugins/ADMPlugin\.apl regular file > >> system_u:object_r:textrel_shlib_t:s0 > >>/usr/local/.*\.so(\.[^/]*)* regular file > >>system_u:object_r:shlib_t:s0 > >>------------------^^^^^^^^^^ > >>This seems to be stange. Should it not be "textrel_shlib_t" instead of > >>"shlib_t"? > > > > > > Maybe you're misreading the output. There are three separate objects > > shown: > > > > /usr/lib(64)?/libHermes\.so.* > > regular file > > system_u:object_r:textrel_shlib_t:s0 > > > > This one marks libHermes\.so.* under /usr/lib or /usr/lib64 as > > textrel_shlib_t > > > > /usr(/.*)?/Reader/intellinux/SPPlugins/ADMPlugin\.apl > > regular file > > system_u:object_r:textrel_shlib_t:s0 > > > > This one marks Reader/intellinux/SPPlugins/ADMPlugin.apl anywhere > > under /usr as being textrel_shlib_t > > > > /usr/local/.*\.so(\.[^/]*)* > > regular file > > system_u:object_r:shlib_t:s0 > > > > This one marks any .so* file under /usr/local as being shlib_t > > Yes, I undersand that. But shouldn't it be textrel_shlib_t instead of > shlib_t? Because for acroread to work I was forced to change this for > lib files in /usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/ and apl > files in /usr/local/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/. Ah, so the standard policy is incomplete. I think the fix should be to mark: /usr(/.*)?/Reader/intellinux/SPPlugins/[^/]*\.apl and /usr(/.*)?/Reader/intellinux/lib/.*\.so(\.[^/]*)* as textrel_shlib_t rather than every library under /usr/local though. Worth a bugzilla I'd say. Paul.
