SELinux errors, SELinux and wine
Hi,
I have been running Fedora 9, and installed Crossover, and two Windows program types- Eudora and Office. Aside from several SELinux crashes here and there, both have worked fine. I tried to migrate to Fedora 14, and I'm having a very hard time with SELinux. The Eudora programs were denied by SELinux, and I get warnings every time I run crossover. Along with the warning I receive, SELinux provides several options, with the most permissive (I know, least secure) seeming like it would be the best. However, I can't get it to work. I would dump Eudora now and go to Thunderbird, but I also do need MS Office - so I really need to get this working! Any help would be immensely appreciated. Below is the SELinux message: Code:
Source process: wine-preloader Code:
# grep /opt/cxoffice/bin/wine-preloader /var/log/audit/audit.log | audit2allow -M mypol I don't want to turn off SELinux, but I figure this exception would be the best compromise. Any help or guidance in getting it running is appreciated. Thank you!! |
What does 'grep /opt/cxoffice/bin/wine-preloader /var/log/audit/audit.log' return?
|
grep /opt/cxoffice/bin/wine-preloader /var/log/audit/audit.log
Sorry if this is a big garbled, but here is output of grep /opt/cxoffice/bin/wine-preloader /var/log/audit/audit.log. I had to append because there's too much text for this post. Thank you !!
Code:
type=SYSCALL msg=audit(1294201755.163:31464): arch=40000003 syscall=90 success=no exit=-13 a0=bf88c15c a1=0 a2=bf88c15c a3=5a items=0 ppid=5429 pid=5430 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="wine-preloader" exe="/opt/cxoffice/bin/wine-preloader" subj=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 key=(null) |
porting from a old fedora to a new one dose not work well
i would just do CLEAN installs ( i just "love" INSTALL.EXE for EVERY program ) of MS office and Eudora in the NEWER version of wine on fedora 14 also you might need to make SE rules this should be explained in the docs below you use the error logs to set up the se rule http://docs.fedoraproject.org/en-US/...ide/index.html or dual boot with windows 7 for the current MS Office |
Thanks for the info.
I tried Googling my error, but I must have not used the most accurate search terms. I see it listed as a bug: https://bugzilla.redhat.com/show_bug.cgi?id=665505 Thanks for the responses thus far! |
run the GUI tool "SELinuxTroubleShooter "
there should also be a yellow star on the top right of the Gnome tool bar ( next to the Time and date) that is the icon for that program ( the default settings are for it to run ) the errors will normaly give one of two FIXES and 99% of the time they work |
Quote:
|
Ok, thanks a ton for the help! I'm going to post a few lines from each result. If I do try 'setsebool -P mmap_low_allowed 1' and that doesn't work, should I just set it back with 'setsebool -P mmap_low_allowed 0'?
[root@localhost southen]# egrep "(wine-preloader|memprotect)" /var/log/audit/audit.log Code:
type=AVC msg=audit(1294201755.163:31464): avc: denied { mmap_zero } for pid=5430 comm="wine-preloader" scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect [root@localhost southen]# ausearch -m AVC --comm "wine-preloader"; Code:
time->Tue Jan 4 23:29:15 2011 |
Given your output I'd have a go at setting the boolean. You can always undo that, like you posted yes, if it doesn't work.
|
Sorry for the delay in updating, I had to move for work, so I had to pop in my old F9 hard drive until I could get back to this!
When I made the 'setsebool -P mmap_low_allowed 1' change, but the Eudora program didn't launch. After seeing that a SELinux bug gave the wrong file location for the audit2allow command, grep /opt/cxoffice/bin/wine-preloader /var/log/audit/audit.log | audit2allow -M mypol ( I think it was just "audit.log"), I used the proper audit2allow syntax and now I don't get SE Linux errors. At the same time, I realized that when I automounted my VFAT where the Eudora program lived, the program would not run. However, when I mount manually upon booting up, it does work. I used the same fstab settings as F9 (/dev/sda3 /media/SHARED vfat umask=0000,dmask=0000,uid=0002,gid=users,users 0 0) (I posted a separate question on this, http://www.linuxquestions.org/questi...a-14-a-858950/) Thinking about this, maybe the setsebool command would have worked had I not automounted? Is there any point to giving this a shot? Does the audit2allow command I inputted offer less security than if I had used setsebool? If so, how would I remove the audit2allow exception I created - would it just be as easy as deleting the mypol.pp? Thanks very much for any help, and your input thus far!! |
Quote:
Quote:
|
All times are GMT -5. The time now is 04:41 PM. |