Hi while following the stops to install JRE as per http://stanton-finley.net/fedora_core_5_installation_notes.html
the instruction which says: If you have not already done so go to "System" > "Administration" > "Security Level and Firewall". Enter your root password and click "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on "Compatibility" to open it and tick the check box next to "Allow the use of shared libraries with Text Relocation". Click "ok". Reboot your machine to implement the new SELinux policy.
I don't have kde or gnome and neither of the following seams to match what the article is talking about. # system-config-securitylevel # system-config-securitylevel-tui --------------------------------- Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per http://stanton-finley.net/fedora_core_5_installation_notes.html
the instruction which says: If you have not already done so go to "System" > "Administration" > "Security Level and Firewall". Enter your root password and click "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on "Compatibility" to open it and tick the check box next to "Allow the use of shared libraries with Text Relocation". Click "ok". Reboot your machine to implement the new SELinux policy.
I don't have kde or gnome and neither of the following seams to match what the article is talking about. # system-config-securitylevel # system-config-securitylevel-tui
This action sets the allow_execmod SELinux boolean. You could do that from the command line without using system-config-securitylevel as follows:
# setsebool -P allow_execmod 1
There is no need to reboot after doing this.
However, this is not the best way of solving the problem, as it relaxes security much more than necessary. A better way would be to set the SElinux context type of the java libraries to textrel_shlib_t, which would have the same effect but only for those particular libraries.
Paul.
Paul Howarth paul@city-fan.org wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per http://stanton-finley.net/fedora_core_5_installation_notes.html
the instruction which says: If you have not already done so go to "System" > "Administration" > "Security Level and Firewall". Enter your root password and click "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on "Compatibility" to open it and tick the check box next to "Allow the use of shared libraries with Text Relocation". Click "ok". Reboot your machine to implement the new SELinux policy.
...
This action sets the allow_execmod SELinux boolean. You could do that from the command line without using system-config-securitylevel as follows:
# setsebool -P allow_execmod 1
There is no need to reboot after doing this.
However, this is not the best way of solving the problem, as it relaxes security much more than necessary. A better way would be to set the SElinux context type of the java libraries to textrel_shlib_t, which would have the same effect but only for those particular libraries.
Paul.
set the SElinux context type ... I don't understand, who is it done, could some one provide a link to the docs please.
--------------------------------- How low will we go? Check out Yahoo! Messengers low PC-to-Phone call rates.
On Mon, Oct 02, 2006 at 10:43:16 -0700, "Fred J." phddas@yahoo.com wrote:
set the SElinux context type ... I don't understand, who is it done, could some one provide a link to the docs please.
The command to change security context is chcon. There is a man page for it. If you have further interest in selinux, you might take a look at: http://fedoraproject.org/wiki/SELinux
Paul Howarth paul@city-fan.org wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per http://stanton-finley.net/fedora_core_5_installation_notes.html
the instruction which says: If you have not already done so go to "System" > "Administration" > "Security Level and Firewall". Enter your root password and click "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on "Compatibility" to open it and tick the check box next to "Allow the use of shared libraries with Text Relocation". Click "ok". Reboot your machine to implement the new SELinux policy.
I don't have kde or gnome and neither of the following seams to match what the article is talking about. # system-config-securitylevel # system-config-securitylevel-tui
This action sets the allow_execmod SELinux boolean. You could do that from the command line without using system-config-securitylevel as follows:
# setsebool -P allow_execmod 1
There is no need to reboot after doing this.
However, this is not the best way of solving the problem, as it relaxes security much more than necessary. A better way would be to set the SElinux context type of the java libraries to textrel_shlib_t, which would have the same effect but only for those particular libraries.
Paul.
does this mean that I should ignore the step in the instruction which talks about "Allow the use of shared libraries with Text Relocation". and go ahead with the rest of the steps as listed here http://stanton-finley.net/fedora_core_5_installation_notes.html under Java and then go back and set the SElinux context type of the java libraries to textrel_shlib_t. ?
--------------------------------- Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail.
Fred J. wrote:
Paul Howarth paul@city-fan.org wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per http://stanton-finley.net/fedora_core_5_installation_notes.html
the instruction which says: If you have not already done so go to "System" > "Administration" > "Security Level and Firewall". Enter your root password and click "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on "Compatibility" to open it and tick the check box next to "Allow the use of shared libraries with Text Relocation". Click "ok". Reboot your machine to implement the new SELinux policy.
I don't have kde or gnome and neither of the following seams to match what the article is talking about. # system-config-securitylevel # system-config-securitylevel-tui
This action sets the allow_execmod SELinux boolean. You could do that from the command line without using system-config-securitylevel as follows:
# setsebool -P allow_execmod 1
There is no need to reboot after doing this.
However, this is not the best way of solving the problem, as it relaxes security much more than necessary. A better way would be to set the SElinux context type of the java libraries to textrel_shlib_t, which would have the same effect but only for those particular libraries.
Paul.
does this mean that I should ignore the step in the instruction which talks about "Allow the use of shared libraries with Text Relocation". and go ahead with the rest of the steps as listed here http://stanton-finley.net/fedora_core_5_installation_notes.html under Java and then go back and set the SElinux context type of the java libraries to textrel_shlib_t. ?
Yes, you could do it that way.
However, I think a better way, from both a system maintenance and SELinux point of view, would be to use the JPackage RPMs. You need to build these yourself due to the way Sun license Java, and this may appear at first to be a daunting prospect, but it's not difficult really. See: http://www.city-fan.org/tips/JpackageJava
Installing Java using the JPackage RPMs will get all of the SELinux contexts set correctly "out of the box" and the software will be managed by RPM, just like all the other software on the system. It really is the best way IMHO.
Paul.
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per http://stanton-finley.net/fedora_core_5_installation_notes.html
the instruction which says: If you have not already done so go to "System" > "Administration" > "Security Level and Firewall". Enter your root password and click "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on "Compatibility" to open it and tick the check box next to "Allow the use of shared libraries with Text Relocation". Click "ok". Reboot your machine to implement the new SELinux policy.
I don't have kde or gnome and neither of the following seams to match what the article is talking about. # system-config-securitylevel # system-config-securitylevel-tui
This action sets the allow_execmod SELinux boolean. You could do that from the command line without using system-config-securitylevel as follows:
# setsebool -P allow_execmod 1
There is no need to reboot after doing this.
However, this is not the best way of solving the problem, as it relaxes security much more than necessary. A better way would be to set the SElinux context type of the java libraries to textrel_shlib_t, which would have the same effect but only for those particular libraries.
Paul.
does this mean that I should ignore the step in the instruction which talks about "Allow the use of shared libraries with Text Relocation". and go ahead with the rest of the steps as listed here http://stanton-finley.net/fedora_core_5_installation_notes.html under Java and then go back and set the SElinux context type of the java libraries to textrel_shlib_t. ?
Yes, you could do it that way.
However, I think a better way, from both a system maintenance and SELinux point of view, would be to use the JPackage RPMs. You need to build these yourself due to the way Sun license Java, and this may appear at first to be a daunting prospect, but it's not difficult really. See: http://www.city-fan.org/tips/JpackageJava
Installing Java using the JPackage RPMs will get all of the SELinux contexts set correctly "out of the box" and the software will be managed by RPM, just like all the other software on the system. It really is the best way IMHO.
Paul.
Paul thanks alot after going through the link I now have it. [fred@localhost i586]$ java -version java version "1.5.0_09" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01) Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing) [fred@localhost i586]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls [fred@localhost plugins]$ ls -a . .. [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so . Password: [fred@localhost plugins]$ ls -l total 4 lrwxrwxrwx 1 root root 62 Oct 4 03:46 libjavaplugin_oji.so -> ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so
however when I restart firefox, and go to a suitable page, it still asks to install a plugin JRE.
--------------------------------- Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail.
"Fred J." phddas@yahoo.com wrote:
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per
...
Paul.
Paul thanks alot after going through the link I now have it. [fred@localhost i586]$ java -version java version "1.5.0_09" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01) Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing) [fred@localhost i586]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls [fred@localhost plugins]$ ls -a . .. [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so . Password: [fred@localhost plugins]$ ls -l total 4 lrwxrwxrwx 1 root root 62 Oct 4 03:46 libjavaplugin_oji.so -> ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so
however when I restart firefox, and go to a suitable page, it still asks to install a plugin JRE.I found the problem [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java-1.<tab> java-1.4.2-gcj-1.4.2.0/ java-1.5.0-sun-1.5.0.09/ it looks like I have to uninstall the jre 1.4.2 I embarked upon before.
--------------------------------- Want to be your own boss? Learn how on Yahoo! Small Business.
Fred J. wrote:
"Fred J." phddas@yahoo.com wrote:
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per
...
Paul.
Paul thanks alot after going through the link I now have it. [fred@localhost i586]$ java -version java version "1.5.0_09" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01) Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing) [fred@localhost i586]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls [fred@localhost plugins]$ ls -a . .. [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so . Password: [fred@localhost plugins]$ ls -l total 4 lrwxrwxrwx 1 root root 62 Oct 4 03:46 libjavaplugin_oji.so -> ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so
however when I restart firefox, and go to a suitable page, it still asks to install a plugin JRE.I found the problem [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java-1.<tab> java-1.4.2-gcj-1.4.2.0/ java-1.5.0-sun-1.5.0.09/ it looks like I have to uninstall the jre 1.4.2 I embarked upon before.
../../../lib/jvm/java should be a symlink to /etc/alternatives/java_sdk, which should be a symlink to /usr/lib/jvm/java-1.5.0-sun (set up using "alternatives"), which should be a symlink to java-1.5.0-sun-1.5.0.09.
By following all of these symlinks, libjavaplugin_oji.so should point to /usr/lib/jvm/java-1.5.0-sun-1.5.0.09/jre/plugin/i386/ns7/libjavaplugin_oji.so.
The java-1.4.2-gcj-1.4.2.0 directory is the gcj-based implementation that comes with Fedora. Stanton's instructions have java installed under /opt.
Paul.
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
"Fred J."
wrote:
Paul Howarth
wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per
...
Paul.
Paul thanks alot after going through the link I now have it. [fred@localhost i586]$ java -version java version "1.5.0_09" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01) Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing) [fred@localhost i586]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls [fred@localhost plugins]$ ls -a . .. [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so . Password: [fred@localhost plugins]$ ls -l total 4 lrwxrwxrwx 1 root root 62 Oct 4 03:46 libjavaplugin_oji.so -> ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so
however when I restart firefox, and go to a suitable page, it still asks to install a plugin JRE.I found the problem [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java-1. java-1.4.2-gcj-1.4.2.0/ java-1.5.0-sun-1.5.0.09/ it looks like I have to uninstall the jre 1.4.2 I embarked upon before.
../../../lib/jvm/java should be a symlink to /etc/alternatives/java_sdk, which should be a symlink to /usr/lib/jvm/java-1.5.0-sun (set up using "alternatives"), which should be a symlink to java-1.5.0-sun-1.5.0.09.
By following all of these symlinks, libjavaplugin_oji.so should point to /usr/lib/jvm/java-1.5.0-sun-1.5.0.09/jre/plugin/i386/ns7/libjavaplugin_oji.so.
I don't have "../../../lib/jvm/java" ]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls -l ../../../lib/jvm jvm/ jvm-commmon/ jvm-exports/ jvm-private/ [fred@localhost plugins]$ ls -l ../../../lib/jvm/java-1. java-1.4.2-gcj-1.4.2.0/ java-1.5.0-sun-1.5.0.09/
as well as "/etc/alternatives/java_sdk" [fred@localhost ~]$ ls -l /etc/alternatives/java java java.1.gz javaws javaws.1.gz
am I still ok?
thank you
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Fred J. wrote:
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
"Fred J."
wrote:
Paul Howarth
wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi while following the stops to install JRE as per
...
Paul.
Paul thanks alot after going through the link I now have it. [fred@localhost i586]$ java -version java version "1.5.0_09" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01) Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing) [fred@localhost i586]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls [fred@localhost plugins]$ ls -a . .. [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so . Password: [fred@localhost plugins]$ ls -l total 4 lrwxrwxrwx 1 root root 62 Oct 4 03:46 libjavaplugin_oji.so -> ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so
however when I restart firefox, and go to a suitable page, it still asks to install a plugin JRE.I found the problem [fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java-1. java-1.4.2-gcj-1.4.2.0/ java-1.5.0-sun-1.5.0.09/ it looks like I have to uninstall the jre 1.4.2 I embarked upon before.
../../../lib/jvm/java should be a symlink to /etc/alternatives/java_sdk, which should be a symlink to /usr/lib/jvm/java-1.5.0-sun (set up using "alternatives"), which should be a symlink to java-1.5.0-sun-1.5.0.09.
By following all of these symlinks, libjavaplugin_oji.so should point to /usr/lib/jvm/java-1.5.0-sun-1.5.0.09/jre/plugin/i386/ns7/libjavaplugin_oji.so.
I don't have "../../../lib/jvm/java" ]$ cd /usr/lib/mozilla/plugins/ [fred@localhost plugins]$ ls -l ../../../lib/jvm jvm/ jvm-commmon/ jvm-exports/ jvm-private/ [fred@localhost plugins]$ ls -l ../../../lib/jvm/java-1. java-1.4.2-gcj-1.4.2.0/ java-1.5.0-sun-1.5.0.09/
as well as "/etc/alternatives/java_sdk" [fred@localhost ~]$ ls -l /etc/alternatives/java java java.1.gz javaws javaws.1.gz
am I still ok?
The key thing is that /usr/lib/mozilla/plugins/libjavaplugin_oji.so be a symlink that eventually ends up at the libjavaplugin_oji.so from the java-1.5.0-sun-plugin package. If that's the case, everything should work.
Paul.
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi ...
Yes, you could do it that way.
However, I think a better way, from both a system maintenance and SELinux point of view, would be to use the JPackage RPMs. You need to build these yourself due to the way Sun license Java, and this may appear at first to be a daunting prospect, but it's not difficult really. See: http://www.city-fan.org/tips/JpackageJava
Installing Java using the JPackage RPMs will get all of the SELinux contexts set correctly "out of the box" and the software will be managed by RPM, just like all the other software on the system. It really is the best way IMHO.
Paul.
Paul, do you know of similar way to install adobe "pdf reader" plugin for firefox.
thanks
--------------------------------- Get your email and more, right on the new Yahoo.com
Fred J. wrote:
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi ...
Yes, you could do it that way.
However, I think a better way, from both a system maintenance and SELinux point of view, would be to use the JPackage RPMs. You need to build these yourself due to the way Sun license Java, and this may appear at first to be a daunting prospect, but it's not difficult really. See: http://www.city-fan.org/tips/JpackageJava
Installing Java using the JPackage RPMs will get all of the SELinux contexts set correctly "out of the box" and the software will be managed by RPM, just like all the other software on the system. It really is the best way IMHO.
Paul.
Paul, do you know of similar way to install adobe "pdf reader" plugin for firefox.
Try this: http://www.city-fan.org/tips/AdobeReaderOnFedora
Note to Dan: The RPMforge mozilla-acroread package hardlinks the plugin nppdf.so into three different locations:
/usr/lib/acroread/Browser/intellinux/nppdf.so /usr/lib/mozilla/plugins/nppdf.so /usr/lib/netscape/plugins/nppdf.so
Only one of these is caught by the current context types, so it will end up labelled lib_t. I suggest the following addition to policy:
/usr/lib/[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
Paul.
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi ...
Yes, you could do it that way.
However, I think a better way, from both a system maintenance and SELinux point of view, would be to use the JPackage RPMs. You need to build these yourself due to the way Sun license Java, and this may appear at first to be a daunting prospect, but it's not difficult really. See: http://www.city-fan.org/tips/JpackageJava
Installing Java using the JPackage RPMs will get all of the SELinux contexts set correctly "out of the box" and the software will be managed by RPM, just like all the other software on the system. It really is the best way IMHO.
Paul.
Paul, do you know of similar way to install adobe "pdf reader" plugin for firefox.
Try this: http://www.city-fan.org/tips/AdobeReaderOnFedora
Note to Dan: The RPMforge mozilla-acroread package hardlinks the plugin nppdf.so into three different locations:
/usr/lib/acroread/Browser/intellinux/nppdf.so /usr/lib/mozilla/plugins/nppdf.so /usr/lib/netscape/plugins/nppdf.so
Only one of these is caught by the current context types, so it will end up labelled lib_t. I suggest the following addition to policy:
/usr/lib/[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
Paul.
thanks Paul
do you have a link for macromedia as well, I search http://www.city-fan.org/ but could not come up with something.
--------------------------------- Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business.
On Wed, 2006-10-04 at 11:36 -0700, Fred J. wrote:
do you have a link for macromedia as well, I search http://www.city-fan.org/ but could not come up with something.
I only wrote the Adobe Reader one today.
Best I can suggest for flash is to try this: http://macromedia.mplug.org/faq.html#fedora
I've no idea if it works, or how well it works.
Paul.
Paul Howarth paul@city-fan.org wrote: Fred J. wrote:
Paul Howarth
wrote: Fred J. wrote:
Paul Howarth
wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
Hi ...
Yes, you could do it that way ....
Paul, do you know of similar way to install adobe "pdf reader" plugin for firefox.
Try this: http://www.city-fan.org/tips/AdobeReaderOnFedora
I used /www.city-fan.org/tips/AdobeReaderOnFedora and because my wget is broken, I downloaded the files with the browser and saved them in ~/rpmbuild/SOURCES/
[fred@localhost SOURCES]$ ls -1 acroread-7.0.8-1.rf.nosrc.rpm AdobeReader_enu-7.0.8-1.i386.tar.gz jdk-1_5_0_09-linux-i586.bin
[localhost ~]$ rpmbuild --rebuild acroread-7.0.8-1.rf.nosrc.rpm gave a long output which ended with
**************************************************************** ... Reader/intellinux/plug_ins/SOAP.api /bin/tar: Reader/intellinux/plug_ins/SOAP.api: Wrote only 4096 of 10240 bytes /bin/tar: Skipping to next header /bin/tar: Error exit delayed from previous errors error: Bad exit status from /var/tmp/rpm-tmp.59796 (%install)
RPM build errors: InstallSourcePackage: Header V3 DSA signature: NOKEY, key ID 6b8d79e6 user dag does not exist - using root group dag does not exist - using root Bad exit status from /var/tmp/rpm-tmp.59796 (%install) ****************************************************************
thank you
--------------------------------- Get your email and more, right on the new Yahoo.com
selinux@lists.fedoraproject.org
-
Bruno Wolff III -
Fred J. -
Paul Howarth