On Thu, 27 Apr 2006, Paul Howarth wrote: > On Thu, 2006-04-27 at 08:58 +0200, Stephan Groß wrote: > > On Thursday 27 April 2006 07:39, Klaus Steinberger wrote: > > > > Hi, > > > > > in Fedora Core 5 selinux blocks execution of the CISCO vpnclient, as well > > > as acroread: > > > > > > [klaus.steinberger@noname ~]$ acroread > > > /usr/lib/acroread/Reader/intellinux/bin/acroread: error while loading > > > shared libraries: /usr/lib/acroread/Reader/intellinux/lib/libJP2K.so: > > > cannot restore segment prot after reloc: Permission denied > > > [klaus.steinberger@noname ~]$ > > > > after some googling I found following advice that worked for me to enable > > acroread again: > > > > 1. Start "System" > "Administration" > "Security Level and Firewall" > > 2. On the "SELinux" tab click on "Modify SELinux Policy > Compatibility" > > 3. Tick the check box next to "Allow the use of shared libraries with Text > > Relocation". > > A better fix is to label the acroread files correctly, which only > "opens" the protection for acroread and not every process on the system: > > I believe you need: > # chcon -t textrel_shlib_t \ > /usr/lib/acroread/Reader/intellinux/lib/*.so \ > /usr/lib/acroread/Reader/intellinux/SPPlugins/*.apl \ > /usr/lib/acroread/Reader/intellinux/plug_ins/*.api If I relabel as suggested above, what happens the next time the filesystem is relabeled. If as I suspect they get relabeled back to the previous settings, what is the correct way to make the changes permanent? Regards, Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
