Ian Pilcher wrote:
Acrobat Reader 7 (non-RPM install) is still broken:
Jun 27 18:04:00 home kernel: audit(1119913440.472:0): avc: denied {
execmod } for pid=5877 comm=acroread
path=/opt/Adobe/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
dev=md1 ino=578545 scontext=user_u:system_r:unconfined_t
tcontext=root:object_r:usr_t tclass=file
Jun 27 18:04:00 home kernel: audit(1119913440.495:0): avc: denied {
execmod } for pid=5877 comm=acroread
path=/opt/Adobe/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl
dev=md1 ino=578612 scontext=user_u:system_r:unconfined_t
tcontext=root:object_r:usr_t tclass=file
OK, I've got Acrobat Reader 7 working with this policy. It turns out
that it includes a number of shared library files with names that don't
end in .so. The following got it working for me:
cd /opt/Adobe/Acrobat7.0/Reader/intellinux
chcon -t shlib_t SPPlugins/ADMPlugin.apl plug_ins/*.api
restorecon did not recognize that these files were mislabeled. In fact,
it thinks that they should be changed back to usr_t. Presumably, it
should be enhanced to look at things other than file name.
--
========================================================================
Ian Pilcher i.pilcher@xxxxxxxxxxx
========================================================================