[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: acrobat 7 stopped working recently...

From: "Michael W. Carney" <michael es carney sbcglobal net>
To: fedora-selinux-list redhat com
Subject: Re: acrobat 7 stopped working recently...
Date: Tue, 14 Jun 2005 11:37:51 -0700

Michael W. Carney wrote:

> Michael W. Carney wrote:
> 
>> Likely related to recent targeted policy updates...:
>> 
>> Jun 14 10:03:09 lucy-01 kernel: audit(1118768589.854:0): avc:  denied
>> { execmod } for  pid=5660 comm=acroread
>> path=/opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api dev=sdb6
>> ino=65721 scontext=user_u:system_r:unconfined_t
>> tcontext=system_u:object_r:usr_t tclass=file
>> Jun 14 10:03:09 lucy-01 kernel: audit(1118768589.868:0): avc:  denied
>> { execmod } for  pid=5660 comm=acroread
>> path=/opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl dev=sdb6
>> ino=65676 scontext=user_u:system_r:unconfined_t
>> tcontext=system_u:object_r:usr_t tclass=file
>> 
>> 62> ls -Z /opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api
>> -rwxr-xr-x  root     root
>> system_u:object_r:usr_t
>> /opt/Acrobat7.0/Reader/intellinux/plug_ins/AcroForm.api* 63> ls -Z
>> /opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl
>> -rwxr-xr-x  root     root
>> system_u:object_r:usr_t
>> /opt/Acrobat7.0/Reader/intellinux/SPPlugins/ADMPlugin.apl* 64>
>> 
>> I'm running FC3, targeted policy:
>> 
>> 47> rpm -q -a 'selinux*'
>> selinux-policy-strict-1.19.10-2
>> selinux-doc-1.14.1-1
>> selinux-policy-targeted-1.17.30-3.2
>> 48>
>> 
>> Could some kind soul clue me into the right incantation to get this
>> working again? Thanks.
> 
> Ok, these files are shared libraries, so I imagine the context should be:
> 
> system_u:object_r:shlib_t rather than system_u:object_r:usr_t.
> 
> Should I be making changes to:
> 
> /etc/selinux/targeted/contexts/files/file_contexts
> 
> and adding entries for these files and then rerun setfiles?

Ok, adding explicit security context entries for acrobat worked. See the
attachment for the entries I added to:

/etc/selinux/targeted/contexts/files/file_contexts

which solved the problem. The following question remains: Are the steps I
took correct for resolving the problem? Thanks.

#
# Acrobat7.0...
#
/opt/Acrobat7.0/Browser/.*/nppdf\.so	--	system_u:object_r:shlib_t
/opt/Acrobat7.0/Reader/.*/plug_ins/.*\.api	--	system_u:object_r:shlib_t
/opt/Acrobat7.0/Reader/.*/SPPlugins/ADMPlugin\.apl	--	system_u:object_r:shlib_t

Follow-Ups:
- Re: acrobat 7 stopped working recently...
  - From: Richard Irving

References:
- acrobat 7 stopped working recently...
  - From: Michael W. Carney
- Re: acrobat 7 stopped working recently...
  - From: Michael W. Carney

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]