Bug#440105: openoffice.org-core: does not work with SELinux (patch already exists)
Package: openoffice.org-core
Version: 2.2.1-8
Severity: normal
Tags: patch
OpenOffice fails to start with SELinux turned on (and allow_execmem is
turned off).
The patch already exists, you can grab and apply it. The details are included
only for completeness.
Attempt to run any openoffice.org applications result in error:
$ /usr/lib/openoffice/program/soffice.bin
terminate called after throwing an instance of 'std::bad_alloc'
what(): std::bad_alloc
$
It generates the following line in log:
audit(1188415154.045:681): avc: denied { execmem } for pid=9818 comm="soffice.bin"
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c1023
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
Strace shows the following:
.... some stuff skipped ...
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb1619000
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb1609000
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb15f9000
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb15e9000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb46f4000
mprotect(0xb46f4000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 EACCES (Permission denied)
munmap(0xb46f4000, 4096) = 0
write(2, "terminate called after throwing "..., 48) = 48
write(2, "std::bad_alloc", 14) = 14
write(2, "\'\n", 2) = 2
write(2, " what(): ", 11) = 11
.... some stuff skipped ...
The error is caused by mprotect with PROT_WRITE and PROT_EXEC. Mapping memory
with write and execute permissions is denied by SELinux.
It is easy to catch this place in gdb by setting breakpoint on mprotect:
Breakpoint 2, 0xb6d50080 in mprotect () from /lib/libc.so.6
(gdb) bt
#0 0xb6d50080 in mprotect () from /lib/libc.so.6
#1 0xb163f399 in allocExec () from /usr/lib/openoffice/program/libgcc3_uno.so
#2 0xb7373542 in rtl_arena_alloc () from /usr/lib/openoffice/program/libuno_sal.so.3
#3 0xb163f465 in bridges::cpp_uno::shared::VtableFactory::createVtables () from /usr/lib/openoffice/program/libgcc3_uno.so
#4 0xb163ff13 in bridges::cpp_uno::shared::VtableFactory::getVtables () from /usr/lib/openoffice/program/libgcc3_uno.so
#5 0xb163eada in bridges::cpp_uno::shared::CppInterfaceProxy::create () from /usr/lib/openoffice/program/libgcc3_uno.so
#6 0xb163df08 in bridges::cpp_uno::shared::uno2cppMapping () from /usr/lib/openoffice/program/libgcc3_uno.so
#7 0xb73e5b2d in cppu::throwException () from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#8 0xb74c395a in ucbhelper::cancelCommandExecution () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#9 0xb1fdb0f7 in fileaccess::throw_handler () from /usr/lib/openoffice/program/libucpfile1.so
#10 0xb1fc0897 in fileaccess::TaskManager::endTask () from /usr/lib/openoffice/program/libucpfile1.so
#11 0xb1fa0769 in fileaccess::BaseContent::endTask () from /usr/lib/openoffice/program/libucpfile1.so
#12 0xb1fa84a5 in fileaccess::BaseContent::execute () from /usr/lib/openoffice/program/libucpfile1.so
#13 0xb747ab25 in ucb::Content_Impl::executeCommand () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#14 0xb747fe5f in ucb::Content::executeCommand () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#15 0xb76d8538 in _UCBOpenContentSync () from /usr/lib/openoffice/program/libutl680li.so
#16 0xb76da6e4 in UCBOpenContentSync () from /usr/lib/openoffice/program/libutl680li.so
#17 0xb76db5a8 in utl::UcbLockBytes::CreateLockBytes () from /usr/lib/openoffice/program/libutl680li.so
#18 0xb76ea1bf in lcl_CreateStream () from /usr/lib/openoffice/program/libutl680li.so
#19 0xb76eac70 in utl::UcbStreamHelper::CreateStream () from /usr/lib/openoffice/program/libutl680li.so
#20 0xb1c6b0df in SfxApplication::GetDisabledSlotList_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#21 0xb1e202e7 in SfxDispatcher::Construct_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#22 0xb1e20554 in SfxDispatcher () from /usr/lib/openoffice/program/libsfx680li.so
#23 0xb1c6619a in SfxApplication::Initialize_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#24 0xb1c58dea in SfxApplication::GetOrCreate () from /usr/lib/openoffice/program/libsfx680li.so
#25 0xb1e4cc93 in SfxGlobalEvents_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#26 0xb1e4cfda in SfxGlobalEvents_Impl::impl_createInstance () from /usr/lib/openoffice/program/libsfx680li.so
#27 0xb7402cd5 in cppu::OSingleFactoryHelper::createInstanceEveryTime ()
from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#28 0xb74023d8 in cppu::OSingleFactoryHelper::createInstanceWithContext ()
from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#29 0xb7402495 in cppu::OFactoryComponentHelper::createInstanceWithContext ()
from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#30 0xb7404afe in cppu::ORegistryFactoryHelper::createInstanceEveryTime ()
from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#31 0xb74023d8 in cppu::OSingleFactoryHelper::createInstanceWithContext ()
from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#32 0xb74024f8 in cppu::OFactoryComponentHelper::createInstanceWithContext ()
from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#33 0xb45e1e90 in stoc_smgr::OServiceManager::createInstanceWithContext ()
from /usr/lib/openoffice/program/servicemgr.uno.so
#34 0xb45ddfcb in stoc_smgr::OServiceManager::createInstance () from /usr/lib/openoffice/program/servicemgr.uno.so
#35 0x0806ce4d in desktop::Desktop::Main ()
#36 0xb7cb663c in ImplSVMain () from /usr/lib/openoffice/program/libvcl680li.so
#37 0xb7cb6745 in SVMain () from /usr/lib/openoffice/program/libvcl680li.so
#38 0x0805f426 in main ()
(gdb)
This bug is well-known. It can be found in RedHat and OpenOffice.org bugzilla.
See http://www.openoffice.org/issues/show_bug.cgi?id=80816 for details.
It is fixed by patch openoffice.org-2.0.3.oooXXXXX.selinux.bridges.patch, which is included in
RedHat and Fedora build of OpenOffice (and they work fine under SELinux).
The patch itself can be taken
from http://www.openoffice.org/nonav/issues/showattachment.cgi/47635/openoffice.org-2.0.3.oooXXXXX.selinux.bridges.patch
or http://cvs.fedoraproject.org/viewcvs/rpms/openoffice.org/devel/openoffice.org-2.0.3.ooo80816.selinux.bridges.patch?view=markup
Including this patch into Debian OO build will fix the bug.
With best regards,
Alexander.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.4
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openoffice.org-core depends on:
ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii fontconfig 2.4.2-1.2 generic font configuration library
ii libc6 2.6.1-1+b1 GNU C Library: Shared libraries
ii libcairo2 1.4.10-1 The Cairo 2D vector graphics libra
ii libcurl3-gnutls 7.16.4-5 Multi-protocol file transfer libra
ii libdb4.4 4.4.20-8.1 Berkeley v4.4 Database Libraries [
ii libexpat1 1.95.8-4 XML parsing C library - runtime li
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libfreetype6 2.3.5-1+b1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.2.1-4 GCC support library
ii libglib2.0-0 2.14.0-2 The GLib library of C routines
ii libgstreamer-plugins-ba 0.10.14-2 GStreamer libraries from the "base
ii libgstreamer0.10-0 0.10.14-1 Core GStreamer libraries and eleme
ii libgtk2.0-0 2.10.13-1 The GTK+ graphical user interface
ii libhunspell-1.1-0 1.1.9-1 spell checker and morphological an
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libicu36 3.6-3 International Components for Unico
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libldap2 2.1.30-13.4 OpenLDAP libraries
ii libneon25 0.25.5.dfsg-6 An HTTP and WebDAV client library
ii libnspr4-0d 4.6.7-1 NetScape Portable Runtime Library
ii libnss3-0d 3.11.7-1 Network Security Service libraries
ii libpam0g 0.99.7.1-3 Pluggable Authentication Modules l
ii libpango1.0-0 1.16.5-1 Layout and rendering of internatio
ii libportaudio2 19+svn20070125-1 Portable audio I/O - shared librar
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libsndfile1 1.0.17-3 Library for reading/writing audio
ii libstartup-notification 0.9-1 library for program launch feedbac
ii libstdc++6 4.2.1-4 The GNU Standard C++ Library v3
ii libstlport4.6c2 4.6.2-3 STLport C++ class library
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxaw7 2:1.0.4-1 X11 Athena Widget library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio
ii libxi6 2:1.1.2-1 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxml2 2.6.30.dfsg-1 GNOME XML library
ii libxrandr2 2:1.2.1-1 X11 RandR extension library
ii libxrender1 1:0.9.3-1 X Rendering Extension client libra
ii libxslt1.1 1.1.22-1 XSLT processing library - runtime
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii openoffice.org-common 2.2.1-8 OpenOffice.org office suite archit
ii ttf-opensymbol 2.2.1-8 The OpenSymbol TrueType font
ii zlib1g 1:1.2.3.3.dfsg-5 compression library - runtime
Versions of packages openoffice.org-core recommends:
ii nfs-common 1:1.1.1~git-20070709-3 NFS support files common to client
Versions of packages openoffice.org-common depends on:
ii dictionaries-common [openoffi 0.82.0 Common utilities for spelling dict
ii openoffice.org-style-andromed 2.2.1-8 Default symbol style for OpenOffic
Versions of packages openoffice.org-java-common depends on:
ii bsh 2.0b4-6 Java scripting environment (BeanSh
ii libxalan2-java 2.7.0-5 XSL Transformations (XSLT) process
ii libxerces2-java 2.9.0-1 Validating XML parser for Java wit
ii openoffice.org-common 2.2.1-8 OpenOffice.org office suite archit
Versions of packages openoffice.org-core is related to:
pn firefox <none> (no description available)
ii iceape-browser 1.1.4-1 Iceape Navigator (Internet browser
pn icedove <none> (no description available)
ii iceweasel 2.0.0.6-1 lightweight web browser based on M
ii imagemagick 7:6.2.4.5.dfsg1-1 Image manipulation programs
ii libsane 1.0.19~cvs20070730-1 API library for scanners
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxrender1 1:0.9.3-1 X Rendering Extension client libra
pn openoffice.org-filt <none> (no description available)
ii pstoedit 3.44-2 PostScript and PDF files to editab
-- no debconf information
Reply to: