selinux throwing incomprehensible errors when trying to run GoogleEardh
Claude Jones
cjoneslists at tehogeeservices.com
Mon Jul 26 12:25:42 UTC 2010
On Mon July 26 2010, Daniel J Walsh wrote:
> On 07/26/2010 01:27 AM, Claude Jones wrote:
> > It seems to be saying that the directory access requested
> > requires labeling as usr_t, but its current type is usr_t --
> > it requires usr_t but it's currently labeled usr_t -- there
> > appears to confusion here on the part of Selinux, no? I've
> > tried applying the recommended fix, but the recommended fix
> > just resets the labelling to what it already is, and I'm
> > going round in circles
> >
> > Summary:
> >
> > SELinux is preventing /opt/google-earth/googleearth-bin
> > "execmod" access to
> > /opt/google-earth/libIGGfx.so.
> >
> > Detailed Description:
> >
> > SELinux denied access requested by
> > /opt/google-earth/googleearth- bin.
> > /opt/google-earth/googleearth-bin is mislabeled.
> > /opt/google-earth/googleearth-bin default SELinux type is
> > usr_t, but its current
> > type is usr_t. Changing this file back to the default type,
> > may fix your
> > problem.
>
> Run
>
> restorecon -R -v /opt
>
> Should fix the labels.
Thanks, Dan. That did something, and I got a little further, with
the GoogleEarth splash screen displaying for the first time, but
then it closed out, and the actual program never started, and I
got another SeAlert message:
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod"
access to
/opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth-
bin.
/opt/google-earth/googleearth-bin is mislabeled.
/opt/google-earth/googleearth-bin default SELinux type is usr_t,
but its current
type is usr_t. Changing this file back to the default type, may
fix your
problem.
If you believe this is a bug, please file a bug report against
this package.
Allowing Access:
You can restore the default system context to this file by
executing the
restorecon command. restorecon '/opt/google-earth/googleearth-
bin'.
Fix Command:
/sbin/restorecon '/opt/google-earth/googleearth-bin'
Additional Information:
Source Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context unconfined_u:object_r:usr_t:s0
Target Objects /opt/google-earth/libIGGfx.so [ file
]
Source googleearth-bin
Source Path /opt/google-earth/googleearth-bin
Port <Unknown>
Host tehogee.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.7.19-39.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name restore_source_context
Host Name tehogee.localdomain
Platform Linux tehogee.localdomain
2.6.33.6-147.fc13.x86_64
#1 SMP Tue Jul 6 22:32:17 UTC 2010
x86_64 x86_64
Alert Count 8
First Seen Sun 25 Jul 2010 08:59:32 PM EDT
Last Seen Mon 26 Jul 2010 01:19:13 AM EDT
Local ID d0b51729-0e62-41e0-9c03-ff177cd4e671
Line Numbers
Raw Audit Messages
node=tehogee.localdomain type=AVC msg=audit(1280121553.393:24981):
avc: denied { execmod } for pid=21349 comm="googleearth-bin"
path="/opt/google-earth/libIGGfx.so" dev=sdb3 ino=1313604
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=tehogee.localdomain type=SYSCALL
msg=audit(1280121553.393:24981): arch=40000003 syscall=125
success=no exit=-13 a0=8462000 a1=370000 a2=5 a3=ffb78460 items=0
ppid=18875 pid=21349 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=208
comm="googleearth-bin" exe="/opt/google-earth/googleearth-bin"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
key=(null)
--
Claude Jones
Brunswick, MD, USA
More information about the users
mailing list