[scribus] SElinux alert from Scribus 135

Roger hovergo at net-tech.com.au
Fri May 30 02:28:20 CEST 2008

Apologies for the length of this post.

This type of SELinux alert pops up frequently since installing the 135svn last
I have had it today on 3 different .so files that Scribus installed and have run
the  chcon -t textrel_shlib_t
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so as below.
Is this a bug or something in my system.
What can I do to fix the problem
Apart from these 135 runs nicely and now opens the file I mentioned yesterday so
work starts again.

     SELinux is preventing /home/user/scribusbuild/bin/scribus from loading
     /home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so which
     requires text relocation.

Detailed Description
     The /home/user/scribusbuild/bin/scribus application attempted to load
     /home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so which
     requires text relocation.  This is a potential security problem. Most
     libraries do not need this permission. Libraries are sometimes coded
     incorrectly and request this permission.  The
     http://people.redhat.com/drepper/selinux-mem.html web page explains how to
     remove this requirement.  You can configure SELinux temporarily to allow
     /home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so to use
     relocation as a workaround, until the library is fixed. Please file a
     http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
     If you trust
     /home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so to run
     correctly, you can change the file context to textrel_shlib_t. "chcon -t
     /home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so" You
     must also change the default file context files on the system in order to
     preserve them even on a full relabel.  "semanage fcontext -a -t

     The following command will allow this access:
     chcon -t textrel_shlib_t

Additional Information

Source Context                unconfined_u:system_r:unconfined_t:s0
Target Context                unconfined_u:object_r:unconfined_home_t:s0
Target Objects                /home/user/scribusbuild/lib/scribus/plugins/li
                               bmeshdistortion.so [ file ]
Affected RPM Packages
Policy RPM                    selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.allow_execmod
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain #1 SMP
                               Thu Mar 20 14:47:10 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Thu 29 May 2008 04:47:14 PM EST
Last Seen                     Thu 29 May 2008 04:47:14 PM EST
Local ID                      9b837e2b-d658-46a2-b7a5-bccec78d601b
Line Numbers

Raw Audit Messages

avc: denied { execmod } for comm=scribus dev=dm-2 egid=500 euid=500
exe=/home/user/scribusbuild/bin/scribus exit=0 fsgid=500 fsuid=500 gid=500
pid=3669 scontext=unconfined_u:system_r:unconfined_t:s0 sgid=500
subj=unconfined_u:system_r:unconfined_t:s0 suid=500 tclass=file
tcontext=unconfined_u:object_r:unconfined_home_t:s0 tty=(none) uid=500

More information about the scribus mailing list