Michael W. Carney wrote:
> Likely related to recent targeted policy updates...:
>
> Jun 14 10:03:09 lucy-01 kernel: audit(1118768589.854:0): avc: denied
> { execmod } for pid=5660 comm=acroread
> path=/opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api dev=sdb6
> ino=65721 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:usr_t tclass=file
> Jun 14 10:03:09 lucy-01 kernel: audit(1118768589.868:0): avc: denied
> { execmod } for pid=5660 comm=acroread
> path=/opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl dev=sdb6
> ino=65676 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:usr_t tclass=file
>
> 62> ls -Z /opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
> -rwxr-xr-x root root
> system_u:object_r:usr_t
> /opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api* 63> ls -Z
> /opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl
> -rwxr-xr-x root root
> system_u:object_r:usr_t
> /opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl* 64>
>
> I'm running FC3, targeted policy:
>
> 47> rpm -q -a 'selinux*'
> selinux-policy-strict-1.19.10-2
> selinux-doc-1.14.1-1
> selinux-policy-targeted-1.17.30-3.2
> 48>
>
> Could some kind soul clue me into the right incantation to get this
> working again? Thanks.
Ok, these files are shared libraries, so I imagine the context should be:
system_u:object_r:shlib_t rather than system_u:object_r:usr_t.
Should I be making changes to:
/etc/selinux/targeted/contexts/files/file_contexts
and adding entries for these files and then rerun setfiles?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
