On Fri, 13 May 2005 09:25:50 +0200, Aurelien Bompard said:
> Hi,
>
> Just so that you know, the OpenOffice 1.9.100 rpms from www.openoffice.org
> won't run on FC3 because of SELinux:
> audit(1115968252.998:0): avc: denied { execmod } for pid=9833
> comm=soffice.bin
> path=/opt/openoffice.org1.9.100/program/libicudata.so.26.0.1 dev=sda2
> ino=308509 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:usr_t tclass=file

This of course fails in the same basic manner under 'strict', except it's
no longer an unconfined_t....

> What should we tell the upstream rpm maintainers so that their packages
> work on FC3 ? The packages used to work in an earlier version (1.9.73 I
> think). It's also possible that a policy update caused it, I'm not sure, I
> didn't use them very often.
>
> Is there something we can do to fix it, or is it only in the hands of the
> upstream maintainers ?

What you can do short-term: If you have selinux-policy-<foo>-sources
installed, you can try this:

cat << EOF >> /etc/selinux/strict/src/policy/file_contexts/misc/local.fc
# Places the OpenOffice stuff puts stuff
/usr/local/OpenOffice.org1.1.4/program/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/openoffice.org[^/]*/program/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/openoffice.org[^/]*/program/soffice.bin -- system_u:object_r:bin_t
EOF

That seemed to shut the vast majority of the whinging when I tried it with
strict/permissive. You might have to tag something with texrel_shlib_t as
well. I don't think there's any new policy needed, just file contexts to get
the *.so's as shlib_t and the binaries as bin_t (it's 4:37AM and one of my
cats just finished dropping a litter of kittens under my bed about a half
hour, so you'll have to flush out the rest of the answer for yourself :)

Long-term answer: when Fedora ships their official openofficeorg-*-2.0 RPMs,
we'll make sure The Right Thing happens.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
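
An added example, not part of the original message or of any SELinux tool: it parses the AVC record quoted above and checks which of the suggested local.fc entries would label the denied path. The function names are hypothetical, and the matching model (whole-path regex match, last matching entry wins, a small subset of type flags) is an assumed simplification of how file_contexts lookups behave.

```python
import re

# AVC record quoted in the message, rejoined onto one line.
AVC = ("audit(1115968252.998:0): avc: denied { execmod } for pid=9833 "
       "comm=soffice.bin "
       "path=/opt/openoffice.org1.9.100/program/libicudata.so.26.0.1 "
       "dev=sda2 ino=308509 scontext=user_u:system_r:unconfined_t "
       "tcontext=system_u:object_r:usr_t tclass=file")
# The three local.fc entries suggested in the message.
LOCAL_FC = r"""
/usr/local/OpenOffice.org1.1.4/program/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/openoffice.org[^/]*/program/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/openoffice.org[^/]*/program/soffice.bin -- system_u:object_r:bin_t
"""
# file_contexts type flags mapped to AVC tclass names (subset).
FTYPES = {"--": "file", "-d": "dir", "-l": "lnk_file"}

def parse_avc(line):
    """Return the key=value fields of an AVC record plus the denied perms."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    perms = re.search(r"denied\s+\{([^}]*)\}", line)
    fields["perms"] = perms.group(1).split() if perms else []
    return fields

def parse_fc(text):
    """Parse 'regex [type-flag] context' lines; skip blanks and comments."""
    specs = []
    for raw in text.splitlines():
        parts = raw.split()
        if parts and not parts[0].startswith("#"):
            flag = parts[1] if len(parts) == 3 else None
            specs.append((re.compile(parts[0]), flag, parts[-1]))
    return specs

def context_for(path, tclass, specs):
    """Assumed model: whole-path match, last matching entry wins."""
    for regex, flag, context in reversed(specs):
        if flag and FTYPES.get(flag) != tclass:
            continue
        if regex.fullmatch(path):
            return context
    return None

def report(avc_line, fc_text):
    """Return (path, current context, context the entries would assign)."""
    avc = parse_avc(avc_line)
    new = context_for(avc["path"], avc["tclass"], parse_fc(fc_text))
    return avc["path"], avc["tcontext"], new

if __name__ == "__main__":
    print("%s: %s -> %s" % report(AVC, LOCAL_FC))
```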