12:27 a.m.
It seems to be saying that the directory access requested requires
labeling as usr_t, but its current type is usr_t -- it requires
usr_t but it's currently labeled usr_t -- there appears to
confusion here on the part of Selinux, no? I've tried applying the
recommended fix, but the recommended fix just resets the labelling
to what it already is, and I'm going round in circles
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod"
access to
/opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth-
bin.
/opt/google-earth/googleearth-bin is mislabeled.
/opt/google-earth/googleearth-bin default SELinux type is usr_t,
but its current
type is usr_t. Changing this file back to the default type, may
fix your
problem.
--
Claude Jones
Brunswick, MD, USA
7:29 a.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEarth (Solved)
On Wednesday, July 28, 2010, Claude Jones wrote:
Dan Walsh's suggestions took care of the Selinux problem. The
second problem had to do with running x64 - Google is aware of
the issue and this page goes into it:
http://www.google.com/support/forum/p/earth/thread?tid=314c37c5
83d3ba62&hl=en
Some have gotten successful performance by installing the
32-bit xorg-x11-drv 32 bit libs for their video card. In my
case, installing the 32-bit libs finally allowed GoogleEarth
to open, but the performance was hyper-sluggish and unusable
and the program eventually just froze - on my system, I'm
running the proprietary nVidia 195.36.31 driver with a G72
[GeForce 7300 SE/7200 GS] (rev a1) video card (not too
dissimilar to setups that folks claimed sucess with on the
above page)
The performance problem solved itself. I can't say whether it was
a reboot, or some updates, because both of these took place after
I'd encountered the problem and then saw resolution. But,
GoogleEarth works perfectly now.
--
Claude Jones
Brunswick, MD, USA
7:25 a.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEardh
On Mon July 26 2010, Daniel J Walsh wrote:
On 07/26/2010 01:27 AM, Claude Jones wrote:
> It seems to be saying that the directory access requested
> requires labeling as usr_t, but its current type is usr_t --
> it requires usr_t but it's currently labeled usr_t -- there
> appears to confusion here on the part of Selinux, no? I've
> tried applying the recommended fix, but the recommended fix
> just resets the labelling to what it already is, and I'm
> going round in circles
>
> Summary:
>
> SELinux is preventing /opt/google-earth/googleearth-bin
> "execmod" access to
> /opt/google-earth/libIGGfx.so.
>
> Detailed Description:
>
> SELinux denied access requested by
> /opt/google-earth/googleearth- bin.
> /opt/google-earth/googleearth-bin is mislabeled.
> /opt/google-earth/googleearth-bin default SELinux type is
> usr_t, but its current
> type is usr_t. Changing this file back to the default type,
> may fix your
> problem.
Run
restorecon -R -v /opt
Should fix the labels.
Thanks, Dan. That did something, and I got a little further, with
the GoogleEarth splash screen displaying for the first time, but
then it closed out, and the actual program never started, and I
got another SeAlert message:
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod"
access to
/opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth-
bin.
/opt/google-earth/googleearth-bin is mislabeled.
/opt/google-earth/googleearth-bin default SELinux type is usr_t,
but its current
type is usr_t. Changing this file back to the default type, may
fix your
problem.
If you believe this is a bug, please file a bug report against
this package.
Allowing Access:
You can restore the default system context to this file by
executing the
restorecon command. restorecon '/opt/google-earth/googleearth-
bin'.
Fix Command:
/sbin/restorecon '/opt/google-earth/googleearth-bin'
Additional Information:
Source Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context unconfined_u:object_r:usr_t:s0
Target Objects /opt/google-earth/libIGGfx.so [ file
]
Source googleearth-bin
Source Path /opt/google-earth/googleearth-bin
Port <Unknown>
Host tehogee.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.7.19-39.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name restore_source_context
Host Name tehogee.localdomain
Platform Linux tehogee.localdomain
2.6.33.6-147.fc13.x86_64
#1 SMP Tue Jul 6 22:32:17 UTC 2010
x86_64 x86_64
Alert Count 8
First Seen Sun 25 Jul 2010 08:59:32 PM EDT
Last Seen Mon 26 Jul 2010 01:19:13 AM EDT
Local ID d0b51729-0e62-41e0-9c03-ff177cd4e671
Line Numbers
Raw Audit Messages
node=tehogee.localdomain type=AVC msg=audit(1280121553.393:24981):
avc: denied { execmod } for pid=21349 comm="googleearth-bin"
path="/opt/google-earth/libIGGfx.so" dev=sdb3 ino=1313604
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=tehogee.localdomain type=SYSCALL
msg=audit(1280121553.393:24981): arch=40000003 syscall=125
success=no exit=-13 a0=8462000 a1=370000 a2=5 a3=ffb78460 items=0
ppid=18875 pid=21349 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=208
comm="googleearth-bin" exe="/opt/google-earth/googleearth-bin"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
key=(null)
--
Claude Jones
Brunswick, MD, USA
11:15 p.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEarth (Solved, sort of)
Dan Walsh's suggestions took care of the Selinux problem. The
second problem had to do with running x64 - Google is aware of the
issue and this page goes into it:
http://www.google.com/support/forum/p/earth/thread?tid=314c37c583d3ba62&a...
Some have gotten successful performance by installing the 32-bit
xorg-x11-drv 32 bit libs for their video card. In my case,
installing the 32-bit libs finally allowed GoogleEarth to open,
but the performance was hyper-sluggish and unusable and the
program eventually just froze - on my system, I'm running the
proprietary nVidia 195.36.31 driver with a G72 [GeForce 7300
SE/7200 GS] (rev a1) video card (not too dissimilar to setups that
folks claimed sucess with on the above page)
--
Claude Jones
Brunswick, MD, USA
11:40 p.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEarth (65 line crash report included)
On Mon July 26 2010, Daniel J Walsh wrote:
Easiest thing to do is turn off the check.
# setsebool -P allow_execmod 1
thanks again, Dan - unfortunately, GoogleEarth still won't run,
but, not due to Selinux - there's a long crash report that gets
generated, now, but it's not too informative - for anyone who
cares to look, here it is:
http://www.eelpotflats.com/files/crashlog-4c4e5e36.txt
--
Claude Jones
Brunswick, MD, USA
10:51 a.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEardh
On Mon, Jul 26, 2010 at 10:40 AM, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
Easiest thing to do is turn off the check.
# setsebool -P allow_execmod 1
I'm not sure if it's required for google earth, but in addition to the
above I also had to add the following to /etc/sysctl.conf for Picasa
to work:
vm.mmap_min_addr = 0
Richard
10:40 a.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEardh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/26/2010 08:25 AM, Claude Jones wrote:
On Mon July 26 2010, Daniel J Walsh wrote:
> On 07/26/2010 01:27 AM, Claude Jones wrote:
>> It seems to be saying that the directory access requested
>> requires labeling as usr_t, but its current type is usr_t --
>> it requires usr_t but it's currently labeled usr_t -- there
>> appears to confusion here on the part of Selinux, no? I've
>> tried applying the recommended fix, but the recommended fix
>> just resets the labelling to what it already is, and I'm
>> going round in circles
>>
>> Summary:
>>
>> SELinux is preventing /opt/google-earth/googleearth-bin
>> "execmod" access to
>> /opt/google-earth/libIGGfx.so.
>>
>> Detailed Description:
>>
>> SELinux denied access requested by
>> /opt/google-earth/googleearth- bin.
>> /opt/google-earth/googleearth-bin is mislabeled.
>> /opt/google-earth/googleearth-bin default SELinux type is
>> usr_t, but its current
>> type is usr_t. Changing this file back to the default type,
>> may fix your
>> problem.
>
> Run
>
> restorecon -R -v /opt
>
> Should fix the labels.
Thanks, Dan. That did something, and I got a little further, with
the GoogleEarth splash screen displaying for the first time, but
then it closed out, and the actual program never started, and I
got another SeAlert message:
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod"
access to
/opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth-
bin.
/opt/google-earth/googleearth-bin is mislabeled.
/opt/google-earth/googleearth-bin default SELinux type is usr_t,
but its current
type is usr_t. Changing this file back to the default type, may
fix your
problem.
If you believe this is a bug, please file a bug report against
this package.
Allowing Access:
You can restore the default system context to this file by
executing the
restorecon command. restorecon '/opt/google-earth/googleearth-
bin'.
Fix Command:
/sbin/restorecon '/opt/google-earth/googleearth-bin'
Additional Information:
Source Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context unconfined_u:object_r:usr_t:s0
Target Objects /opt/google-earth/libIGGfx.so [ file
]
Source googleearth-bin
Source Path /opt/google-earth/googleearth-bin
Port <Unknown>
Host tehogee.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.7.19-39.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name restore_source_context
Host Name tehogee.localdomain
Platform Linux tehogee.localdomain
2.6.33.6-147.fc13.x86_64
#1 SMP Tue Jul 6 22:32:17 UTC 2010
x86_64 x86_64
Alert Count 8
First Seen Sun 25 Jul 2010 08:59:32 PM EDT
Last Seen Mon 26 Jul 2010 01:19:13 AM EDT
Local ID d0b51729-0e62-41e0-9c03-ff177cd4e671
Line Numbers
Raw Audit Messages
node=tehogee.localdomain type=AVC msg=audit(1280121553.393:24981):
avc: denied { execmod } for pid=21349 comm="googleearth-bin"
path="/opt/google-earth/libIGGfx.so" dev=sdb3 ino=1313604
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=tehogee.localdomain type=SYSCALL
msg=audit(1280121553.393:24981): arch=40000003 syscall=125
success=no exit=-13 a0=8462000 a1=370000 a2=5 a3=ffb78460 items=0
ppid=18875 pid=21349 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=208
comm="googleearth-bin" exe="/opt/google-earth/googleearth-bin"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
key=(null)
Easiest thing to do is turn off the check.
# setsebool -P allow_execmod 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxNrFkACgkQrlYvE4MpobPFPQCgmj2GhMfyM8MnmJ8h1XMH2XjZ
m1kAnA+lMu0E4hKNEMntWa744I9QKm+C
=oBrc
-----END PGP SIGNATURE-----
6:44 a.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEardh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/26/2010 01:27 AM, Claude Jones wrote:
It seems to be saying that the directory access requested requires
labeling as usr_t, but its current type is usr_t -- it requires
usr_t but it's currently labeled usr_t -- there appears to
confusion here on the part of Selinux, no? I've tried applying the
recommended fix, but the recommended fix just resets the labelling
to what it already is, and I'm going round in circles
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod"
access to
/opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth-
bin.
/opt/google-earth/googleearth-bin is mislabeled.
/opt/google-earth/googleearth-bin default SELinux type is usr_t,
but its current
type is usr_t. Changing this file back to the default type, may
fix your
problem.
Run
restorecon -R -v /opt
Should fix the labels.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxNdQgACgkQrlYvE4MpobOyGACglDq4eH8uQ6HFQHNxp4P3Ly+h
yHoAoNujNPLYcbVEjhxcMDnWJG505QSZ
=LeV2
-----END PGP SIGNATURE-----
4:48 a.m.
New subject: selinux throwing incomprehensible errors when trying to run GoogleEardh
On 07/26/2010 06:27 AM, Claude Jones wrote:
It seems to be saying that the directory access requested requires
labeling as usr_t, but its current type is usr_t -- it requires
usr_t but it's currently labeled usr_t -- there appears to
confusion here on the part of Selinux, no? I've tried applying the
recommended fix, but the recommended fix just resets the labelling
to what it already is, and I'm going round in circles
Summary:
SELinux is preventing /opt/google-earth/googleearth-bin "execmod"
access to
/opt/google-earth/libIGGfx.so.
Detailed Description:
SELinux denied access requested by /opt/google-earth/googleearth-
bin.
/opt/google-earth/googleearth-bin is mislabeled.
/opt/google-earth/googleearth-bin default SELinux type is usr_t,
but its current
type is usr_t. Changing this file back to the default type, may
fix your
problem.
There's a discussion and a fix at
https://bugzilla.redhat.com/show_bug.cgi?id=550589
This seems to have been fixed in 2009, so I don't know why you're seeing
it now.
Andrew.
5015
days inactive
5030
days old
8 comments
4 participants
participants (4)
-
Andrew Haley -
Claude Jones -
Daniel J Walsh -
Richard Shaw