Latest Seamonkey update

Jim Cornette fc-cornette at insight.rr.com
Wed Aug 16 00:54:10 UTC 2006 

Jakub Jelinek wrote:
> On Tue, Aug 15, 2006 at 07:30:25PM -0400, Jim Cornette wrote:
>> locate libxpcom_core.so
>> /usr/lib/firefox-1.5.0.6/libxpcom_core.so
>> /usr/lib/seamonkey-1.0.4/libxpcom_core.so
>> /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so
>> # ls -lZ /usr/lib/firefox-1.5.0.6/libxpcom_core.so
>> -rwxr-xr-x  root root system_u:object_r:textrel_shlib_t
>> # ls -lZ /usr/lib/seamonkey-1.0.4/libxpcom_core.so
>> -rwxr-xr-x  root root system_u:object_r:lib_t
>> # ls -lZ /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so
>> -rwxr-xr-x  root root system_u:object_r:textrel_shlib_t
>>
>> I don't mind the browser being replaced with an individual application 
>> vs a suite of integrated applications for email, browsing and editing. I 
>> miss the missing editing feature the most.
>>
>> How in the world do you get seamonkey and its corresponding .so files 
>> into the selinux fold? Or better yet, are there guidelines and 
>> assistance given to the Fedora-Extras maintainer that allow their rpms 
>> to set items to the needed SELinux content, in order to work out of the box?
> 
> Best cure is avoid DT_TEXTREL shared libraries.  Even on the platforms
> that (in a limited way) allow them, they are very costly and insecure.
> See
> http://people.redhat.com/drepper/textrelocs.html
> for details.  If you fix it up, you don't need any special selinux policy
> changes.
> 
> 	Jakub
> 
This particular library outputs the below. Running with the eu-readelf 
-d /usr/lib/seamonkey-1.0.4/libxpcom_core.so shows TEXTREL as blank. I 
don't understand anything regarding the output. I do know that SELinux 
does not like libxpcom_core.so
I am reading the material that you posted a link to. When (or if) I 
grasp the concept, I'll at least follow-up on filing a bug report 
against the culpret.

type=AVC msg=audit(1155606650.228:25): avc:  denied  { execmod } for 
pid=2544 comm="seamonkey-bin" name="libxpcom_core.so" dev=dm-0 
ino=1901000 scontext=user_u:system_r:unconfined_t:s0 
tcontext=system_u:object_r:lib_t:s0 tclass=file


Dynamic segment contains 34 entries:
  Addr: 0x000d0ed4  Offset: 0x0d0ed4  Link to section: [ 3] '.dynstr'
   Type              Value
   NEEDED            Shared library: [libplds4.so]
   NEEDED            Shared library: [libplc4.so]
   NEEDED            Shared library: [libnspr4.so]
   NEEDED            Shared library: [libpthread.so.0]
   NEEDED            Shared library: [libdl.so.2]
   NEEDED            Shared library: [libstdc++.so.6]
   NEEDED            Shared library: [libm.so.6]
   NEEDED            Shared library: [libgcc_s.so.1]
   NEEDED            Shared library: [libc.so.6]
   SONAME            Library soname: [libxpcom_core.so]
   INIT              0x0002160c
   FINI              0x00099fb4
   HASH              0x000000d4
   STRTAB            0x00008f74
   SYMTAB            0x00002a44
   STRSZ             56143 (bytes)
   SYMENT            16 (bytes)
   PLTGOT            0x000d109c
   PLTRELSZ          4984 (bytes)
   PLTREL            REL
   JMPREL            0x00020294
   REL               0x0001787c
   RELSZ             35352 (bytes)
   RELENT            8 (bytes)
   TEXTREL
   VERNEED           0x0001776c
   VERNEEDNUM        5
   VERSYM            0x00016ac4
   RELCOUNT          1889
   NULL
   NULL
   NULL
   NULL
   NULL

More information about the fedora-list mailing list