Fedora Users — Re: Selinux attacks acroread again

Paul Smith wrote:

On 4/13/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:

Thanks, Paul. Done so and subsequently:

# chcon -t texrel_shlib_t
/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libJP2K.so
# chcon -t texrel_shlib_t
/usr/local/Adobe/Acrobat7.0/Reader/intellinux/lib/libCoolType.so

Acroread shows up, but reporting errors while loading a bunch of
plugins. Any ideas?

Did you do:

/usr/sbin/semanage fcontext -a -t textrel_shlib_t \
'/usr/local/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/.*\.apl'

/usr/sbin/semanage fcontext -a -t textrel_shlib_t \
'/usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/.*\.api'

before the restorecon?

What's the output of:

$ ls -lZ /usr/local/Adobe/Acrobat7.0/Reader/intellinux/*/*.ap*

Yes, I did that before restorecon.

# ls -lZ /usr/local/Adobe/Acrobat7.0/Reader/intellinux/*/
*.ap*
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/Accessibility.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/Annots.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/checkers.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/DigSig.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/EFS.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/EScript.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t /usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/ewh.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/LegalPDF.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/MakeAccessible.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/PDDom.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/PPKLite.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/SaveAsRTF.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/SearchFind.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/SendMail.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/SOAP.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/Spelling.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/plug_ins/wwwlink.api
-rwxr-xr-x  root     root     system_u:object_r:textrel_shlib_t
/usr/local/Adobe
/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl

They all look ok; does it work with SELinux in permissive mode?

Try:
# setenforce 0

If it still doesn't work, the problem's not SELinux.

If it does, look for the SELinux denials in /var/log/messages or
/var/log/audit/audit.log

# setforce 1
will turn enforcing mode back on.


Yes, 'setenforce 0' does make a difference. How can I quickly do the
suggested inspection into var/log/messages and
/var/log/audit/audit.log?


Try:

# grep -F 'avc:  denied' /var/log/audit/audit.log /var/log/messages

Note that there are two spaces between "avc:" and "denied".

This will probably produce a lot of output. Please try to trim it downthe last bits that appear relevant to the problem.


Paul.