On Monday 24 April 2006 13:48, Paul Howarth wrote: >On Mon, 2006-04-24 at 13:38 -0400, Gene Heskett wrote: >> From previous remarks made in this and similar threads, I'm >> wondering about the java J2SE I'm currently downloading to that FC5 >> lappy. >> >> In that event, is the correct chcon command: >> chcon -t >> texrel_shlib_t >> /path/to/directory_of_library_being_complained_about/*.so > >Sometimes the directory is shared with other things so that might not > be advisable. > >Try something more along the lines of: > >while app-fails-to-run >do > note failing library filename > chcon -t textrel_shlib_t /path/to/libXYZ.so.number >done Where does one find this info since java normally runs silently? I have copied the java ns7 plugin to the firefox plugins dir, but its still not found, and running firefox from the shell and doing an about:plugins leaves a blank shell when firefox is then quit. >That should just fix the libraries that need fixing. > >Make a note of any libraries that you need to do this for, as it could >help other people if you posted the list is response to queries by > other people, or indeed to bugzilla. > >As a matter of interest, a lot of libraries need this treatment; you > can see the ones SELinux already knows about as follows: > ># semanage fcontext -l | grep textrel here, thats VERY limited [root@diablo ~]# semanage fcontext -l |grep texrel /usr(/.*)?/intellinux/plug_ins/.*\.api regular file system_u:object_r:texrel_shlib_t:s0 /usr(/.*)?/intellinux/nppdf\.so regular file system_u:object_r:texrel_shlib_t:s0 /usr/lib(64)?/libsipphoneapi\.so.* regular file system_u:object_r:texrel_shlib_t:s0 /usr(/.*)?/intellinux/lib/\.so regular file system_u:object_r:texrel_shlib_t:s0 >The first column of output is a regex matching full pathnames. > >Also note that changes to context using "chcon" may get reverted if > the system is relabelled. Setting new defaults for the necessary > files using semanage stops this happening. > >Paul. Looking in the firefox plugins dir after installing j2se-1.5.0.6 and copying the ns7 version of the libhavaplugins.so to /usr/lib/firefox-version/plugins I see: [root@diablo plugins]# ls -lZ -rwxr-xr-x root root root:object_r:lib_t libjavaplugin_oji.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t libnullplugin.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t libunixprintplugin.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t nppdf.so Now, maybe I'm slow this morning, but my reading of the semanage manpage makes no mention of setting a 'default' that a relabel will leave alone. I've used chcon to set libjavaplugin_oji.so to textrel_shlib_t, root@diablo plugins]# ls -lZ -rwxr-xr-x root root root:object_r:textrel_shlib_t libjavaplugin_oji.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t libnullplugin.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t libunixprintplugin.so -rwxr-xr-x root root system_u:object_r:textrel_shlib_t nppdf.so but how do I change it from root: to system_u:? (I'm assuming that will allow all users as opposed to just root to use it) And FWIW, This change did not enable java in the firefox plugins listings. And how do we make it permanent in the face of another relabel? -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
