LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices


Reply
  Search this Thread
Old 03-17-2008, 01:53 PM   #1
arijit_2404
Member
 
Registered: Jul 2007
Location: Kolkata, India
Distribution: Fedora 9
Posts: 85

Rep: Reputation: 15
Question SELinux error message when working in OpenOffice Writer


Hi everybody,
Today I got an error message in my Fedora installation while working on OpenOffice.. I don't know what it means because I'm not that much knowledgeable person.

I was working in OpenOffice Writer. Before start writing, I wanted to use the wizard from 'File' menu. I choose 'Letter' from the sub-menu. As soon as I clicked the sub-menu, I got an SELinux error message.

Here's the trimmed version of the message:

Summary: SELinux is preventing swriter.bin from changing the access protection of memory on the heap.

Detailed Description: The swriter.bin application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If swriter.bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package.
I really don't know much about this message. Should I file a bug-report as per the suggestion from SELinux? Or is it something else?
 
Old 03-17-2008, 02:05 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by arijit_2404 View Post
Here's the trimmed version of the message
If you're unsure *always* post unabbreviated messages as it makes it easier for us to help you. Besides the workaround was noted at the end of the message, running "setsebool -P allow_execheap=1".


Quote:
Originally Posted by arijit_2404 View Post
Should I file a bug-report as per the suggestion from SELinux?
Yes, please do. The more people do the more chance we have things will be changed.
 
Old 03-17-2008, 03:28 PM   #3
arijit_2404
Member
 
Registered: Jul 2007
Location: Kolkata, India
Distribution: Fedora 9
Posts: 85

Original Poster
Rep: Reputation: 15
Ok, here's full message:
Quote:
Summary:
SELinux is preventing swriter.bin from changing the access protection of memory on the heap.

Detailed Description:
The swriter.bin application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If swriter.bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package.

Allowing Access:
If you want swriter.bin to continue, you must turn on the allow_execheap boolean.
Note: This boolean will affect all applications on the system. The following command will allow this access:setsebool -P allow_execheap=1

Additional Information:
Source Context: unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023
Target Context: unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023
Target Objects: None [ process ]
Source: swriter.binSource
Path: /usr/lib/openoffice.org/program/swriter.binPort: <Unknown>
Host: lenovo
Source RPM Packages: openoffice.org-writer-2.3.0-6.11.fc8
Target RPM Packages:
Policy RPM: selinux-policy-3.0.8-87.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: allow_execheap
Host Name: lenovo
Platform: Linux lenovo 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686
Alert Count: 825
First Seen: Mon 17 Mar 2008 11:02:35 PM IST
Last Seen: Mon 17 Mar 2008 11:03:29 PM IST
Local ID: 3c88f649-5f8a-479e-8b6c-cbfaee49f098
Line Numbers:
Raw Audit Messages :host=lenovo type=AVC msg=audit(1205775209.893:847): avc: denied { execheap } for pid=2863 comm="swriter.bin" scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process host=lenovo type=SYSCALL msg=audit(1205775209.893:847): arch=40000003 syscall=125 success=no exit=-13 a0=8053000 a1=41a000 a2=5 a3=bfa26390 items=0 ppid=2853 pid=2863 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="swriter.bin" exe="/usr/lib/openoffice.org/program/swriter.bin" subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)
My question is, Should I allow this application using suggested way?

And please let me know how and where can I file my bug-report.
I would like to help the community and do my part of the work.

thanks for the help.
 
Old 03-17-2008, 06:52 PM   #4
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
According to this site, one possible solution is to enter the commands below in the program directory of your OOo installation
Code:
chcon -t textrel_shlib_t libvclplug_gen680li.so.1.1
Other possible solutions are listed here.

Last edited by reddazz; 03-17-2008 at 06:53 PM.
 
Old 03-17-2008, 08:00 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by arijit_2404 View Post
My question is, Should I allow this application using suggested way?
Flipping this boolean affects the *whole* unconfined system, IIGC. I'd say if you don't need it don't enable it. You could locate "soffice" (as it is a shell script that drives soffice.bin) and patch it with this diff:
Code:
--- /usr/local/openoffice.org2.3/program/soffice        2007-11-13 16:59:39.000000000 +0100
+++ /usr/local/openoffice.org2.3/program/soffice        2007-11-13 16:00:40.000000000 +0100
@@ -244,7 +244,10 @@
 fi
 export PATH
 
-
+# SELinux "execheap" errors workaround: on
+# Since execheap should be off by default just toggle it.
+# Requires /etc/sudoers entry for user with "NOPASSWD: /usr/sbin/togglesebool allow_execheap"
+sudo /usr/sbin/togglesebool allow_execheap
 # execute soffice binary
 "$sd_prog/$sd_binary" "$@" &
 trap 'kill -9 $!' TERM
@@ -255,5 +258,7 @@
        "$sd_prog/$sd_binary" ""$BOOTSTRAPVARS"" &
     wait $!
 done
+# SELinux "execheap" errors workaround: off
+sudo /usr/sbin/togglesebool allow_execheap
 
 exit
..this should enable it while running and disable it when done. Needs a /etc/sudoers entry though to work for non-root users since the *sebool binaries aren't sposed to be run by users other than root.


Quote:
Originally Posted by arijit_2404 View Post
And please let me know how and where can I file my bug-report.
I'd add it to Fedora's bugtracker. If it's not theirs to fix they'll notify upstream (or so I'd hope).



Quote:
Originally Posted by reddazz View Post
chcon -t textrel_shlib_t libvclplug_gen680li.so.1.1
I only see a heap problem? I don't see any execmod problems requiring a text relocation exception in his OP or FUP?
 
Old 03-17-2008, 10:57 PM   #6
arijit_2404
Member
 
Registered: Jul 2007
Location: Kolkata, India
Distribution: Fedora 9
Posts: 85

Original Poster
Rep: Reputation: 15
Sorry for late reply (it was night here in India).

I have successfully patched the file. After that I've worked in OpenOffice, and yet to receive any SELinux error. But I would like to see more.
Thanks guys.
This community is really helpful.
 
Old 03-18-2008, 06:58 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by arijit_2404 View Post
But I would like to see more.
Cool to see it works. But what do you mean by "more"? More errors? Wasn't one enough? :-]
 
Old 03-18-2008, 07:07 AM   #8
arijit_2404
Member
 
Registered: Jul 2007
Location: Kolkata, India
Distribution: Fedora 9
Posts: 85

Original Poster
Rep: Reputation: 15
I meant to say that I would like to work more extensively to see if everything is alright.
Also if I found more errors then I can report back, so that bugs can be fixed. Just want to help community. [:-)]
 
Old 03-18-2008, 07:44 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Ah, OK, I see.

If you report bugs please check if they are already ticketed.
 
  


Reply

Tags
error, openoffice.org, selinux


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fonts for OpenOffice Writer manolakis Debian 9 10-05-2007 04:42 PM
SELinux Message when trying automount/autofs louisb Linux - Security 1 07-28-2007 05:27 AM
OpenOffice Writer Maurice Arthur Mandriva 3 05-06-2004 01:55 AM
OpenOffice 1.1 writer OceanSurf Linux - Software 6 05-03-2004 10:54 AM
Error message with CD writer CJB Linux - Newbie 1 01-11-2004 06:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop

All times are GMT -5. The time now is 06:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration