several problems after successful update, wine, texlive and selinux
Antonio Olivares
olivares14031 at yahoo.com
Tue Aug 21 22:16:22 UTC 2007
Dear all,
I have successfully updated the machine I asked help to update for which advice was quickly given and resolved. However, after updating I find the following problems:
1) wine does not work. Is it because of selinux? dmesg does not show this :(
[olivares at localhost ~]$ wine ~/.wine/drive_c/Program\ Files/Orbis\ Software/Easy\ Grade\ Pro/Egp.exe &
[1] 3004
[olivares at localhost ~]$ bash: /usr/bin/wine: Permission denied
[1]+ Exit 126 wine ~/.wine/drive_c/Program\ Files/Orbis\ Software/Easy\ Grade\ Pro/Egp.exe
[olivares at localhost ~]$ wine --help
bash: /usr/bin/wine: Permission denied
[olivares at localhost ~]$ wine ~/.wine/drive_c/Program\ Files/Orbis\ Software/Easy\ Grade\ Pro/Egp.exe &
[1] 3007
[olivares at localhost ~]$ bash: /usr/bin/wine: Permission denied
[1]+ Exit 126 wine ~/.wine/drive_c/Program\ Files/Orbis\ Software/Easy\ Grade\ Pro/Egp.exe
[olivares at localhost ~]$ rpm -qa wine*
wine-capi-0.9.43-2.fc8
wine-twain-0.9.43-2.fc8
wine-nas-0.9.43-2.fc8
wine-jack-0.9.43-2.fc8
wine-0.9.43-2.fc8
wine-cms-0.9.43-2.fc8
wine-tools-0.9.43-2.fc8
wine-core-0.9.43-2.fc8
wine-esd-0.9.43-2.fc8
wine-ldap-0.9.43-2.fc8
2) texlive install was almost successfull all the way except for tetex-xdvi no equivalent texlive package. I am surprised that f8 test 1 still had tetex instead of texlive, but here I installed it using the instructions on the Wiki.
[root at localhost Downloads]# yum install texlive texlive-latex
Setting up Install Process
Parsing package install arguments
development 100% |=========================| 2.1 kB 00:00
primary.sqlite.bz2 100% |=========================| 4.2 MB 00:03
texlive 100% |=========================| 951 B 00:00
primary.xml.gz 100% |=========================| 7.2 kB 00:00
texlive : ################################################## 23/23
Resolving Dependencies
--> Running transaction check
---> Package texlive.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-latex.i386 0:2007-0.10.fc7 set to be updated
--> Processing Dependency: texlive-texmf = 2007 for package: texlive
--> Processing Dependency: libt1.so.5 for package: texlive
--> Processing Dependency: libTECkit.so.0 for package: texlive
--> Processing Dependency: texlive-texmf-errata = 2007 for package: texlive-latex
--> Processing Dependency: texlive-dvips = 2007 for package: texlive-latex
--> Processing Dependency: texlive-texmf-latex = 2007 for package: texlive-latex
--> Processing Dependency: texlive-texmf-errata = 2007 for package: texlive
--> Processing Dependency: texlive-fonts = 2007-0.10.fc7 for package: texlive
--> Processing Dependency: libkpathsea.so.4 for package: texlive
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package texlive-texmf-latex.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-fonts.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-dvips.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-latex.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-errata.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf.noarch 0:2007-0.10.fc7 set to be updated
---> Package t1lib.i386 0:5.1.1-1.fc8 set to be updated
---> Package teckit.i386 0:2.2.1-1.fc8 set to be updated
---> Package kpathsea.i386 0:2007-0.10.fc7 set to be updated
--> Processing Dependency: texlive-texmf-fonts >= 2007 for package: texlive-fonts
--> Processing Dependency: texlive-texmf-errata-latex = 2007 for package: texlive-texmf-latex
--> Processing Dependency: texlive-texmf-common = 2007 for package: texlive-texmf-latex
--> Processing Dependency: texlive-texmf-dvips = 2007 for package: texlive-dvips
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package texlive-texmf-latex.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-fonts.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-dvips.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-fonts.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-errata-latex.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-common.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-dvips.noarch 0:2007-0.10.fc7 set to be updated
--> Processing Dependency: texlive-texmf-errata-common = 2007-0.9.fc7 for package: texlive-texmf-errata-latex
--> Processing Dependency: texlive-texmf-errata-fonts = 2007 for package: texlive-texmf-fonts
--> Processing Dependency: texlive-texmf-errata-dvips = 2007 for package: texlive-texmf-dvips
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package texlive-texmf-errata-common.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-errata-fonts.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-fonts.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-errata-latex.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-errata-dvips.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-dvips.noarch 0:2007-0.10.fc7 set to be updated
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
texlive i386 2007-0.10.fc7 texlive 5.8 M
texlive-latex i386 2007-0.10.fc7 texlive 74 k
Installing for dependencies:
kpathsea i386 2007-0.10.fc7 texlive 148 k
t1lib i386 5.1.1-1.fc8 development 316 k
teckit i386 2.2.1-1.fc8 development 322 k
texlive-dvips i386 2007-0.10.fc7 texlive 176 k
texlive-fonts i386 2007-0.10.fc7 texlive 509 k
texlive-texmf noarch 2007-0.10.fc7 texlive 8.2 M
texlive-texmf-common noarch 2007-0.10.fc7 texlive 7.4 k
texlive-texmf-dvips noarch 2007-0.10.fc7 texlive 826 k
texlive-texmf-errata noarch 2007-0.9.fc7 texlive 3.3 k
texlive-texmf-errata-common noarch 2007-0.9.fc7 texlive 3.4 k
texlive-texmf-errata-dvips noarch 2007-0.9.fc7 texlive 3.3 k
texlive-texmf-errata-fonts noarch 2007-0.9.fc7 texlive 3.2 k
texlive-texmf-errata-latex noarch 2007-0.9.fc7 texlive 3.3 k
texlive-texmf-fonts noarch 2007-0.10.fc7 texlive 55 M
texlive-texmf-latex noarch 2007-0.10.fc7 texlive 3.1 M
Transaction Summary
=============================================================================
Install 17 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 74 M
Is this ok [y/N]: y
Downloading Packages:
(1/17): kpathsea-2007-0.1 100% |=========================| 148 kB 00:00
(2/17): teckit-2.2.1-1.fc 100% |=========================| 322 kB 00:00
(3/17): texlive-texmf-dvi 100% |=========================| 826 kB 00:00
(4/17): texlive-texmf-err 100% |=========================| 3.3 kB 00:00
(5/17): t1lib-5.1.1-1.fc8 100% |=========================| 316 kB 00:00
(6/17): texlive-texmf-com 100% |=========================| 7.4 kB 00:00
(7/17): texlive-texmf-200 100% |=========================| 8.2 MB 00:05
(8/17): texlive-texmf-err 100% |=========================| 3.3 kB 00:00
(9/17): texlive-texmf-err 100% |=========================| 3.3 kB 00:00
(10/17): texlive-latex-20 100% |=========================| 74 kB 00:00
(11/17): texlive-texmf-fo 100% |=========================| 55 MB 00:37
(12/17): texlive-texmf-er 100% |=========================| 3.2 kB 00:00
(13/17): texlive-2007-0.1 100% |=========================| 5.8 MB 00:04
(14/17): texlive-dvips-20 100% |=========================| 176 kB 00:00
(15/17): texlive-fonts-20 100% |=========================| 509 kB 00:00
(16/17): texlive-texmf-er 100% |=========================| 3.4 kB 00:00
(17/17): texlive-texmf-la 100% |=========================| 3.1 MB 00:02
Running rpm_check_debug
--> Populating transaction set with selected packages. Please wait.
---> Package texlive-texmf-latex.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-errata-common.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-fonts.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-dvips.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-errata-fonts.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-fonts.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-latex.i386 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-errata.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-errata-latex.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf.noarch 0:2007-0.10.fc7 set to be updated
---> Package texlive-texmf-common.noarch 0:2007-0.10.fc7 set to be updated
---> Package t1lib.i386 0:5.1.1-1.fc8 set to be updated
---> Package texlive-texmf-errata-dvips.noarch 0:2007-0.9.fc7 set to be updated
---> Package texlive-texmf-dvips.noarch 0:2007-0.10.fc7 set to be updated
---> Package teckit.i386 0:2.2.1-1.fc8 set to be updated
---> Package kpathsea.i386 0:2007-0.10.fc7 set to be updated
ERROR with rpm_check_debug vs depsolve:
Package tetex-xdvi needs tetex-dvips = 3.0, this is not available.
Complete!
and selinux is causing too much trouble. Here's an example: Sorry for all the text in the selinux alert.
Summary
SELinux is preventing /usr/lib/firefox-2.0.0.6/firefox-bin from making the
program stack executable.
Detailed Description
The /usr/lib/firefox-2.0.0.6/firefox-bin application attempted to make the
its stack executable. This is a potential security problem. This should
never ever be necessary. stack memory is not executable on most OSes these
days and this will not change. Executable stack memory is one of the biggest
security problems. An execstack error might in fact be most likely raised by
malicious code. Applications are sometimes coded incorrectly and request
this permission. The http://people.redhat.com/drepper/selinux-mem.html web
page explains how to remove this requirement. If /usr/lib/firefox-2.0.0.6
/firefox-bin does not work and you need it to work, you can configure
SELinux temporarily to allow this access until the application is fixed.
Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
package.
Allowing Access
Sometimes a library is accidentally marked with the execstack flag, if you
find a library with this flag you can clear it with the execstack -c
LIBRARY_PATH. Then retry your application. If the app continues to not
work, you can turn the flack back on with execstac -s LIBRARY_PATH.
Otherwise, if you trust /usr/lib/firefox-2.0.0.6/firefox-bin to run
correctly, you can change the context of the executable to
unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t
/usr/lib/firefox-2.0.0.6/firefox-bin" You must also change the default file
context files on the system in order to preserve them even on a full
relabel. "semanage fcontext -a -t unconfined_execmem_exec_t
/usr/lib/firefox-2.0.0.6/firefox-bin"
The following command will allow this access:
chcon -t unconfined_execmem_exec_t /usr/lib/firefox-2.0.0.6/firefox-bin
Additional Information
Source Context system_u:system_r:unconfined_t
Target Context system_u:system_r:unconfined_t
Target Objects None [ process ]
Affected RPM Packages firefox-2.0.0.6-3.fc8 [application]
Policy RPM selinux-policy-3.0.5-8.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_execstack
Host Name localhost
Platform Linux localhost 2.6.23-0.115.rc3.git1.fc8 #1 SMP
Fri Aug 17 20:58:14 EDT 2007 i686 athlon
Alert Count 6
First Seen Tue 21 Aug 2007 04:17:07 PM CDT
Last Seen Tue 21 Aug 2007 04:54:17 PM CDT
Local ID bbd222d8-abbe-4dd8-b54b-46c7d29b434c
Line Numbers
Raw Audit Messages
avc: denied { execstack } for comm="firefox-bin" egid=500 euid=500
exe="/usr/lib/firefox-2.0.0.6/firefox-bin" exit=-13 fsgid=500 fsuid=500 gid=500
items=0 pid=3011 scontext=system_u:system_r:unconfined_t:s0 sgid=500
subj=system_u:system_r:unconfined_t:s0 suid=500 tclass=process
tcontext=system_u:system_r:unconfined_t:s0 tty=(none) uid=500
SELinux is preventing /usr/sbin/hald (hald_t) "read" to reload (var_lib_t).
SELinux prevented /usr/sbin/ntpd from using the terminal 0
avc: denied { read, write } for comm="ntpd" dev=devpts egid=0 euid=0 exe="/usr/sbin/ntpd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="0" pid=17348 scontext=user_u:system_r:ntpd_t:s0 sgid=0 subj=user_u:system_r:ntpd_t:s0 suid=0 tclass=chr_file tcontext=user_u:object_r:devpts_t:s0 tty=(none) uid=0
SELinux is preventing /usr/sbin/cupsd (unlabeled_t) "create" to (unlabeled_t).
SELinux is preventing /usr/sbin/cupsd (unlabeled_t) "append" to /var/log/cups/error_log (cupsd_log_t).
SELinux prevented /sbin/rpc.statd from using the terminal /dev/pts/0.
......, there are a bunch of them. sorry for not posting them.
dmesg does not show any of these when running dmesg from the terminal.
see
http://www.geocities.com/olivares14031//20070821164505-dmesg.htm
for details. Will do an
# touch /.autorelabel
# reboot
and hope that it cures many of these issues.
Regards,
Antonio
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
More information about the test
mailing list