Re: OpenOffice now automagically works: One last question...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Fri, 7 Mar 2008 12:05:22 -0500
Therese Trudeau <mswotr@xxxxxxxxxxx> took out a #2 pencil and
scribbled:

> 
> >> I tried re enabling SELinux and OO won't start, so I assume
> >> that I must have SE Linux disabled in order for OpenOffice to
> >> run - is this correct?
> >> 
> >> if correct, is there a way I can still keep my system secure
> >> and run OpenOffice 2.3?
> > 
> > You do not have to keep selinux disabled. You can re-enable it;
> > however, you may get a couple selinux failures. This is what
> > happens on my system when running in Enforcing mode.
> > 
> > 1. Selinux complains about a memory access
> > by /opt/openoffice.org2.3/program/libvclplug_gen680li.so.1.1
> > 
> > 2. Selinux complains about openoffice attempting to change the
> > memory access protection on the heap.
> > 
> > To solve number 1. on my system:
> > sudo chcon -t
> > textrel_shlib_t /opt/openoffice.org2.3/program/libvclplug_gen680li.so.1.1
> > 
> > Please mind the line wrapping. To solve issue 2. on my system:
> > sudo setsebool -P allow_execheap=1
> > 
> > I am not entirely sure that it is wise to perform the second
> > step, as it affects all applications that run on the system. So
> > it seems a bit of a sledgehammer.
> > 
> > To view what selinux is complaining about you may want to
> > install the setroubleshoot package from yum and view what it is
> > complaining about exactly. It will also give you suggestions on
> > how to fix the selinux complaints.
> 
> OK Thanks. I'm wondering if a secure alternative would be to run
> SELinux in permissive mode instead of disabled? 

I would highly suggest running it in permissive mode, and then
taking care of little problems that arise when you start
applications up. I ran into this same issue that you have been
having with OpenOffice, as I run selinux in Enforcing mode.

Selinux doesn't complain too terribly much about my normal
behaviors on my system. YMMV of course.

HTH

Alex White

-- 
ethericalzen@xxxxxxxxx
Life is a prison, death is a release
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux