acrobat 7 stopped working recently...
Richard Irving
rirving at antient.org
Wed Jun 15 00:52:59 UTC 2005
Michael W. Carney wrote:
>Michael W. Carney wrote:
>
>
That isn't *all* that is borked, the realplayer plugin
in firefox/mozilla tanked, as well. All audio, no video.
The same bug is just being announced in FC4, so I suspect it
is related.
After a bunch of thumping around, one way or another,
an openly *stupid* addition got it working again...
in unconfined.te add:
allow unconfined_t usr_t:file execmod;
So, as long as you don't mind leaving your armors backdoor
open, you can get this stuff working again.
As far as acrobat, YMMV, but it worked for Realplayer.
But, *my* it feels breezy in here... :P
I suspect a better fix than this is coming, as they repair the
selinux targeted updates they just released. Caveat Emptor.
>>Michael W. Carney wrote:
>>
>>
>>
>>>Likely related to recent targeted policy updates...:
>>>
>>>Jun 14 10:03:09 lucy-01 kernel: audit(1118768589.854:0): avc: denied
>>>{ execmod } for pid=5660 comm=acroread
>>>path=/opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api dev=sdb6
>>>ino=65721 scontext=user_u:system_r:unconfined_t
>>>tcontext=system_u:object_r:usr_t tclass=file
>>>Jun 14 10:03:09 lucy-01 kernel: audit(1118768589.868:0): avc: denied
>>>{ execmod } for pid=5660 comm=acroread
>>>path=/opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl dev=sdb6
>>>ino=65676 scontext=user_u:system_r:unconfined_t
>>>tcontext=system_u:object_r:usr_t tclass=file
>>>
>>>62> ls -Z /opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
>>>-rwxr-xr-x root root
>>>system_u:object_r:usr_t
>>>/opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api* 63> ls -Z
>>>/opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl
>>>-rwxr-xr-x root root
>>>system_u:object_r:usr_t
>>>/opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl* 64>
>>>
>>>I'm running FC3, targeted policy:
>>>
>>>47> rpm -q -a 'selinux*'
>>>selinux-policy-strict-1.19.10-2
>>>selinux-doc-1.14.1-1
>>>selinux-policy-targeted-1.17.30-3.2
>>>48>
>>>
>>>Could some kind soul clue me into the right incantation to get this
>>>working again? Thanks.
>>>
>>>
>>Ok, these files are shared libraries, so I imagine the context should be:
>>
>>system_u:object_r:shlib_t rather than system_u:object_r:usr_t.
>>
>>Should I be making changes to:
>>
>>/etc/selinux/targeted/contexts/files/file_contexts
>>
>>and adding entries for these files and then rerun setfiles?
>>
>>
>
>Ok, adding explicit security context entries for acrobat worked. See the
>attachment for the entries I added to:
>
>/etc/selinux/targeted/contexts/files/file_contexts
>
>which solved the problem. The following question remains: Are the steps I
>took correct for resolving the problem? Thanks.
>
>
>
>
>------------------------------------------------------------------------
>
>#
># Acrobat7.0...
>#
>/opt/Acrobat7.0/Browser/.*/nppdf\.so -- system_u:object_r:shlib_t
>/opt/Acrobat7.0/Reader/.*/plug_ins/.*\.api -- system_u:object_r:shlib_t
>/opt/Acrobat7.0/Reader/.*/SPPlugins/ADMPlugin\.apl -- system_u:object_r:shlib_t
>
>
>------------------------------------------------------------------------
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the selinux
mailing list