[scribus] SElinux alert from Scribus 135
Roger
hovergo at net-tech.com.au
Fri May 30 02:28:20 CEST 2008
Apologies for the length of this post.
This type of SELinux alert pops up frequently since installing the 135svn last
night.
I have had it today on 3 different .so files that Scribus installed and have run
the chcon -t textrel_shlib_t
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so as below.
Is this a bug or something in my system.
What can I do to fix the problem
Apart from these 135 runs nicely and now opens the file I mentioned yesterday so
work starts again.
TIA
Roger
Summary
SELinux is preventing /home/user/scribusbuild/bin/scribus from loading
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so which
requires text relocation.
Detailed Description
The /home/user/scribusbuild/bin/scribus application attempted to load
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so which
requires text relocation. This is a potential security problem. Most
libraries do not need this permission. Libraries are sometimes coded
incorrectly and request this permission. The
http://people.redhat.com/drepper/selinux-mem.html web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so to use
relocation as a workaround, until the library is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access
If you trust
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so to run
correctly, you can change the file context to textrel_shlib_t. "chcon -t
textrel_shlib_t
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so" You
must also change the default file context files on the system in order to
preserve them even on a full relabel. "semanage fcontext -a -t
textrel_shlib_t
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so"
The following command will allow this access:
chcon -t textrel_shlib_t
/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so
Additional Information
Source Context unconfined_u:system_r:unconfined_t:s0
Target Context unconfined_u:object_r:unconfined_home_t:s0
Target Objects /home/user/scribusbuild/lib/scribus/plugins/li
bmeshdistortion.so [ file ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-44.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.allow_execmod
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.24.3-50.fc8 #1 SMP
Thu Mar 20 14:47:10 EDT 2008 i686 i686
Alert Count 1
First Seen Thu 29 May 2008 04:47:14 PM EST
Last Seen Thu 29 May 2008 04:47:14 PM EST
Local ID 9b837e2b-d658-46a2-b7a5-bccec78d601b
Line Numbers
Raw Audit Messages
avc: denied { execmod } for comm=scribus dev=dm-2 egid=500 euid=500
exe=/home/user/scribusbuild/bin/scribus exit=0 fsgid=500 fsuid=500 gid=500
items=0
path=/home/user/scribusbuild/lib/scribus/plugins/libmeshdistortion.so
pid=3669 scontext=unconfined_u:system_r:unconfined_t:s0 sgid=500
subj=unconfined_u:system_r:unconfined_t:s0 suid=500 tclass=file
tcontext=unconfined_u:object_r:unconfined_home_t:s0 tty=(none) uid=500
More information about the scribus
mailing list