On Mon July 26 2010, Daniel J Walsh wrote:
On 07/26/2010 01:27 AM, Claude Jones wrote:
It seems to be saying that the directory access requested requires labeling as usr_t, but its current type is usr_t -- it requires usr_t but it's currently labeled usr_t -- there appears to confusion here on the part of Selinux, no? I've tried applying the recommended fix, but the recommended fix just resets the labelling to what it already is, and I'm going round in circles
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod" access to /opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth- bin. /opt/google-earth/googleearth-bin is mislabeled. /opt/google-earth/googleearth-bin default SELinux type is usr_t, but its current type is usr_t. Changing this file back to the default type, may fix your problem.
Run
restorecon -R -v /opt
Should fix the labels.
Thanks, Dan. That did something, and I got a little further, with the GoogleEarth splash screen displaying for the first time, but then it closed out, and the actual program never started, and I got another SeAlert message:
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod" access to /opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth- bin. /opt/google-earth/googleearth-bin is mislabeled. /opt/google-earth/googleearth-bin default SELinux type is usr_t, but its current type is usr_t. Changing this file back to the default type, may fix your problem.
If you believe this is a bug, please file a bug report against this package.
Allowing Access:
You can restore the default system context to this file by executing the restorecon command. restorecon '/opt/google-earth/googleearth- bin'.
Fix Command:
/sbin/restorecon '/opt/google-earth/googleearth-bin'
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:object_r:usr_t:s0 Target Objects /opt/google-earth/libIGGfx.so [ file ] Source googleearth-bin Source Path /opt/google-earth/googleearth-bin Port <Unknown> Host tehogee.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.7.19-39.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name restore_source_context Host Name tehogee.localdomain Platform Linux tehogee.localdomain 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 Alert Count 8 First Seen Sun 25 Jul 2010 08:59:32 PM EDT Last Seen Mon 26 Jul 2010 01:19:13 AM EDT Local ID d0b51729-0e62-41e0-9c03-ff177cd4e671 Line Numbers
Raw Audit Messages
node=tehogee.localdomain type=AVC msg=audit(1280121553.393:24981): avc: denied { execmod } for pid=21349 comm="googleearth-bin" path="/opt/google-earth/libIGGfx.so" dev=sdb3 ino=1313604 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=tehogee.localdomain type=SYSCALL msg=audit(1280121553.393:24981): arch=40000003 syscall=125 success=no exit=-13 a0=8462000 a1=370000 a2=5 a3=ffb78460 items=0 ppid=18875 pid=21349 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=208 comm="googleearth-bin" exe="/opt/google-earth/googleearth-bin" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)