On Fri, 7 Mar 2008 12:05:22 -0500 Therese Trudeau mswotr@hotmail.com took out a #2 pencil and scribbled:
I tried re enabling SELinux and OO won't start, so I assume that I must have SE Linux disabled in order for OpenOffice to run - is this correct?
if correct, is there a way I can still keep my system secure and run OpenOffice 2.3?
You do not have to keep selinux disabled. You can re-enable it; however, you may get a couple selinux failures. This is what happens on my system when running in Enforcing mode.
- Selinux complains about a memory access
by /opt/openoffice.org2.3/program/libvclplug_gen680li.so.1.1
- Selinux complains about openoffice attempting to change the
memory access protection on the heap.
To solve number 1. on my system: sudo chcon -t textrel_shlib_t /opt/openoffice.org2.3/program/libvclplug_gen680li.so.1.1
Please mind the line wrapping. To solve issue 2. on my system: sudo setsebool -P allow_execheap=1
I am not entirely sure that it is wise to perform the second step, as it affects all applications that run on the system. So it seems a bit of a sledgehammer.
To view what selinux is complaining about you may want to install the setroubleshoot package from yum and view what it is complaining about exactly. It will also give you suggestions on how to fix the selinux complaints.
OK Thanks. I'm wondering if a secure alternative would be to run SELinux in permissive mode instead of disabled?
I would highly suggest running it in permissive mode, and then taking care of little problems that arise when you start applications up. I ran into this same issue that you have been having with OpenOffice, as I run selinux in Enforcing mode.
Selinux doesn't complain too terribly much about my normal behaviors on my system. YMMV of course.
HTH
Alex White