On Dec 14, 2007 11:48 PM, Deepak Shrestha <d88pak@xxxxxxxxx> wrote: > Hi > > I am getting the AVC Denial message from SELinux everytime I use any > piece of program. These are some: > > =================================== > Summary > SELinux is preventing /usr/lib/openoffice.org/program/scalc.bin from > changing the access protection of memory on the heap. > ------------------------------ > Allowing Access > If you want /usr/lib/openoffice.org/program/scalc.bin to continue, you > must turn on the allow_execheap boolean. Note: This boolean will > affect all applications on the system.The following command will allow > this access:setsebool -P allow_execheap=1 > =================================== > Summary > SELinux is preventing /usr/lib/firefox-2.0.0.8/firefox-bin from > loading /usr/lib/firefox-2.0.0.8/plugins/nppdf.so which requires text > relocation. > --------------------------------- > Allowing Access > If you trust /usr/lib/firefox-2.0.0.8/plugins/nppdf.so to run > correctly, you can change the file context to textrel_shlib_t. "chcon > -t textrel_shlib_t /usr/lib/firefox-2.0.0.8/plugins/nppdf.so" You must > also change the default file context files on the system in order to > preserve them even on a full relabel. "semanage fcontext -a -t > textrel_shlib_t /usr/lib/firefox-2.0.0.8/plugins/nppdf.so"The > following command will allow this access:chcon -t textrel_shlib_t > /usr/lib/firefox-2.0.0.8/plugins/nppdf.so > =================================== > Summary > SELinux is preventing /usr/bin/konqueror from changing the access > protection of memory on the heap. > -------------------------------- > Allowing Access > If you want /usr/bin/konqueror to continue, you must turn on the > allow_execheap boolean. Note: This boolean will affect all > applications on the system.The following command will allow this > access:setsebool -P allow_execheap=1 > ================================== > > So what are all these messages?? and should I allow this action as suggested??? > > Thanks > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > Hi Deepak Shrestha! SELinux (selinux - NSA Security-Enhanced Linux - see: man selinux) creates a more secure computing environment by making it harder to mis-use the environment (use it as a hacker would). I would ask myself some questions: Am I able to do all of the things I want to with the program? If so, I would recommend that you do nothing except consider implementing any updates that may come along and hopefully make false denials less common. I do see SELinux denials on my machine but they are not preventing me from doing anything that I want to do so I would rather have a bit extra protection than a flag free life. I also have the "plugins/nppdf.so" denial which is apparently tied to Adobe reader. The denial flag pops whenever I tell Firefox to read a PDF, but, Adobe Reader comes up fine in Firefox anyway. So I am happy. Do I know where the software comes from mentioned in the denial, and what it is trying to do? You may be catching a hacker in the act, hopefully preventing him from controlling your machine or otherwise causing harm. Take part of the denial (such as the "plugins/nppdf.so" I mentioned from above) and Google it. Often you will find others dealing with the same issue and be able to find out if what you have is a problem or simply an inconvenience. For myself I am happy to leave things as they are if they work, and hope they will work better in the future. Have Fun! Tod
