Re: selinux throwing incomprehensible errors when trying to run GoogleEardh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/26/2010 08:25 AM, Claude Jones wrote:
> On Mon July 26 2010, Daniel J Walsh wrote:
>> On 07/26/2010 01:27 AM, Claude Jones wrote:
>>> It seems to be saying that the directory access requested
>>> requires labeling as usr_t, but its current type is usr_t --
>>> it requires usr_t but it's currently labeled usr_t -- there
>>> appears to confusion here on the part of Selinux, no? I've
>>> tried applying the recommended fix, but the recommended fix
>>> just resets the labelling to what it already is, and I'm
>>> going round in circles
>>>
>>> Summary:
>>>
>>> SELinux is preventing /opt/google-earth/googleearth-bin
>>> "execmod" access to
>>> /opt/google-earth/libIGGfx.so.
>>>
>>> Detailed Description:
>>>
>>> SELinux denied access requested by
>>> /opt/google-earth/googleearth- bin.
>>> /opt/google-earth/googleearth-bin is mislabeled.
>>> /opt/google-earth/googleearth-bin default SELinux type is
>>> usr_t, but its current
>>> type is usr_t. Changing this file back to the default type,
>>> may fix your
>>> problem.
>>
>> Run
>>
>> restorecon -R -v /opt
>>
>> Should fix the labels.
> 
> Thanks, Dan. That did something, and I got a little further, with 
> the GoogleEarth splash screen displaying for the first time, but 
> then it closed out, and the actual program never started, and I 
> got another SeAlert message:
> 
> 
> Summary:
> 
> SELinux is preventing /opt/google-earth/googleearth-bin "execmod" 
> access to
> /opt/google-earth/libIGGfx.so.
> 
> Detailed Description:
> 
> SELinux denied access requested by /opt/google-earth/googleearth-
> bin.
> /opt/google-earth/googleearth-bin is mislabeled.
> /opt/google-earth/googleearth-bin default SELinux type is usr_t, 
> but its current
> type is usr_t. Changing this file back to the default type, may 
> fix your
> problem.
> 
> If you believe this is a bug, please file a bug report against 
> this package.
> 
> Allowing Access:
> 
> You can restore the default system context to this file by 
> executing the
> restorecon command. restorecon '/opt/google-earth/googleearth-
> bin'.
> 
> Fix Command:
> 
> /sbin/restorecon '/opt/google-earth/googleearth-bin'
> 
> Additional Information:
> 
> Source Context                
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
>                               023
> Target Context                unconfined_u:object_r:usr_t:s0
> Target Objects                /opt/google-earth/libIGGfx.so [ file 
> ]
> Source                        googleearth-bin
> Source Path                   /opt/google-earth/googleearth-bin
> Port                          <Unknown>
> Host                          tehogee.localdomain
> Source RPM Packages           
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.7.19-39.fc13
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   restore_source_context
> Host Name                     tehogee.localdomain
> Platform                      Linux tehogee.localdomain 
> 2.6.33.6-147.fc13.x86_64
>                               #1 SMP Tue Jul 6 22:32:17 UTC 2010 
> x86_64 x86_64
> Alert Count                   8
> First Seen                    Sun 25 Jul 2010 08:59:32 PM EDT
> Last Seen                     Mon 26 Jul 2010 01:19:13 AM EDT
> Local ID                      d0b51729-0e62-41e0-9c03-ff177cd4e671
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=tehogee.localdomain type=AVC msg=audit(1280121553.393:24981): 
> avc:  denied  { execmod } for  pid=21349 comm="googleearth-bin" 
> path="/opt/google-earth/libIGGfx.so" dev=sdb3 ino=1313604 
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
> 
> node=tehogee.localdomain type=SYSCALL 
> msg=audit(1280121553.393:24981): arch=40000003 syscall=125 
> success=no exit=-13 a0=8462000 a1=370000 a2=5 a3=ffb78460 items=0 
> ppid=18875 pid=21349 auid=500 uid=500 gid=500 euid=500 suid=500 
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=208 
> comm="googleearth-bin" exe="/opt/google-earth/googleearth-bin" 
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
> key=(null)
> 
> 
> 
> 
Easiest thing to do is turn off the check.

# setsebool -P allow_execmod 1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxNrFkACgkQrlYvE4MpobPFPQCgmj2GhMfyM8MnmJ8h1XMH2XjZ
m1kAnA+lMu0E4hKNEMntWa744I9QKm+C
=oBrc
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux