[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#440105: openoffice.org-core: does not work with SELinux (patch already exists)

Package: openoffice.org-core
Version: 2.2.1-8
Severity: normal
Tags: patch


OpenOffice fails to start with SELinux turned on (and allow_execmem is
turned off).

The patch already exists, you can grab and apply it. The details are included
only for completeness.

Attempt to run any openoffice.org applications result in error:
$ /usr/lib/openoffice/program/soffice.bin
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
$

It generates the following line in log:
audit(1188415154.045:681): avc:  denied { execmem } for  pid=9818 comm="soffice.bin"
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c1023
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process

Strace shows the following:

.... some stuff skipped ...
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb1619000
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb1609000
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb15f9000
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb15e9000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb46f4000
mprotect(0xb46f4000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 EACCES (Permission denied)
munmap(0xb46f4000, 4096)                = 0
write(2, "terminate called after throwing "..., 48) = 48
write(2, "std::bad_alloc", 14)          = 14
write(2, "\'\n", 2)                     = 2
write(2, "  what():  ", 11)             = 11
.... some stuff skipped ...

The error is caused by mprotect with PROT_WRITE and PROT_EXEC. Mapping memory
with write and execute permissions is denied by SELinux.

It is easy to catch this place in gdb by setting breakpoint on mprotect:

Breakpoint 2, 0xb6d50080 in mprotect () from /lib/libc.so.6
(gdb) bt
#0  0xb6d50080 in mprotect () from /lib/libc.so.6
#1  0xb163f399 in allocExec () from /usr/lib/openoffice/program/libgcc3_uno.so
#2  0xb7373542 in rtl_arena_alloc () from /usr/lib/openoffice/program/libuno_sal.so.3
#3  0xb163f465 in bridges::cpp_uno::shared::VtableFactory::createVtables () from /usr/lib/openoffice/program/libgcc3_uno.so
#4  0xb163ff13 in bridges::cpp_uno::shared::VtableFactory::getVtables () from /usr/lib/openoffice/program/libgcc3_uno.so
#5  0xb163eada in bridges::cpp_uno::shared::CppInterfaceProxy::create () from /usr/lib/openoffice/program/libgcc3_uno.so
#6  0xb163df08 in bridges::cpp_uno::shared::uno2cppMapping () from /usr/lib/openoffice/program/libgcc3_uno.so
#7  0xb73e5b2d in cppu::throwException () from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#8  0xb74c395a in ucbhelper::cancelCommandExecution () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#9  0xb1fdb0f7 in fileaccess::throw_handler () from /usr/lib/openoffice/program/libucpfile1.so
#10 0xb1fc0897 in fileaccess::TaskManager::endTask () from /usr/lib/openoffice/program/libucpfile1.so
#11 0xb1fa0769 in fileaccess::BaseContent::endTask () from /usr/lib/openoffice/program/libucpfile1.so
#12 0xb1fa84a5 in fileaccess::BaseContent::execute () from /usr/lib/openoffice/program/libucpfile1.so
#13 0xb747ab25 in ucb::Content_Impl::executeCommand () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#14 0xb747fe5f in ucb::Content::executeCommand () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#15 0xb76d8538 in _UCBOpenContentSync () from /usr/lib/openoffice/program/libutl680li.so
#16 0xb76da6e4 in UCBOpenContentSync () from /usr/lib/openoffice/program/libutl680li.so
#17 0xb76db5a8 in utl::UcbLockBytes::CreateLockBytes () from /usr/lib/openoffice/program/libutl680li.so
#18 0xb76ea1bf in lcl_CreateStream () from /usr/lib/openoffice/program/libutl680li.so
#19 0xb76eac70 in utl::UcbStreamHelper::CreateStream () from /usr/lib/openoffice/program/libutl680li.so
#20 0xb1c6b0df in SfxApplication::GetDisabledSlotList_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#21 0xb1e202e7 in SfxDispatcher::Construct_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#22 0xb1e20554 in SfxDispatcher () from /usr/lib/openoffice/program/libsfx680li.so
#23 0xb1c6619a in SfxApplication::Initialize_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#24 0xb1c58dea in SfxApplication::GetOrCreate () from /usr/lib/openoffice/program/libsfx680li.so
#25 0xb1e4cc93 in SfxGlobalEvents_Impl () from /usr/lib/openoffice/program/libsfx680li.so
#26 0xb1e4cfda in SfxGlobalEvents_Impl::impl_createInstance () from /usr/lib/openoffice/program/libsfx680li.so
#27 0xb7402cd5 in cppu::OSingleFactoryHelper::createInstanceEveryTime ()
   from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#28 0xb74023d8 in cppu::OSingleFactoryHelper::createInstanceWithContext ()
   from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#29 0xb7402495 in cppu::OFactoryComponentHelper::createInstanceWithContext ()
   from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#30 0xb7404afe in cppu::ORegistryFactoryHelper::createInstanceEveryTime ()
   from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#31 0xb74023d8 in cppu::OSingleFactoryHelper::createInstanceWithContext ()
   from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#32 0xb74024f8 in cppu::OFactoryComponentHelper::createInstanceWithContext ()
   from /usr/lib/openoffice/program/libuno_cppuhelpergcc3.so.3
#33 0xb45e1e90 in stoc_smgr::OServiceManager::createInstanceWithContext ()
   from /usr/lib/openoffice/program/servicemgr.uno.so
#34 0xb45ddfcb in stoc_smgr::OServiceManager::createInstance () from /usr/lib/openoffice/program/servicemgr.uno.so
#35 0x0806ce4d in desktop::Desktop::Main ()
#36 0xb7cb663c in ImplSVMain () from /usr/lib/openoffice/program/libvcl680li.so
#37 0xb7cb6745 in SVMain () from /usr/lib/openoffice/program/libvcl680li.so
#38 0x0805f426 in main ()
(gdb)     

This bug is well-known. It can be found in RedHat and OpenOffice.org bugzilla.
See http://www.openoffice.org/issues/show_bug.cgi?id=80816 for details.
It is fixed by patch openoffice.org-2.0.3.oooXXXXX.selinux.bridges.patch, which is included in
RedHat and Fedora build of OpenOffice (and they work fine under SELinux). 
The patch itself can be taken
from http://www.openoffice.org/nonav/issues/showattachment.cgi/47635/openoffice.org-2.0.3.oooXXXXX.selinux.bridges.patch
or http://cvs.fedoraproject.org/viewcvs/rpms/openoffice.org/devel/openoffice.org-2.0.3.ooo80816.selinux.bridges.patch?view=markup

Including this patch into Debian OO build will fix the bug.

With best regards,
   Alexander.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.4
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openoffice.org-core depends on:
ii  debconf [debconf-2.0]   1.5.14           Debian configuration management sy
ii  fontconfig              2.4.2-1.2        generic font configuration library
ii  libc6                   2.6.1-1+b1       GNU C Library: Shared libraries
ii  libcairo2               1.4.10-1         The Cairo 2D vector graphics libra
ii  libcurl3-gnutls         7.16.4-5         Multi-protocol file transfer libra
ii  libdb4.4                4.4.20-8.1       Berkeley v4.4 Database Libraries [
ii  libexpat1               1.95.8-4         XML parsing C library - runtime li
ii  libfontconfig1          2.4.2-1.2        generic font configuration library
ii  libfreetype6            2.3.5-1+b1       FreeType 2 font engine, shared lib
ii  libgcc1                 1:4.2.1-4        GCC support library
ii  libglib2.0-0            2.14.0-2         The GLib library of C routines
ii  libgstreamer-plugins-ba 0.10.14-2        GStreamer libraries from the "base
ii  libgstreamer0.10-0      0.10.14-1        Core GStreamer libraries and eleme
ii  libgtk2.0-0             2.10.13-1        The GTK+ graphical user interface 
ii  libhunspell-1.1-0       1.1.9-1          spell checker and morphological an
ii  libice6                 2:1.0.4-1        X11 Inter-Client Exchange library
ii  libicu36                3.6-3            International Components for Unico
ii  libjpeg62               6b-13            The Independent JPEG Group's JPEG 
ii  libldap2                2.1.30-13.4      OpenLDAP libraries
ii  libneon25               0.25.5.dfsg-6    An HTTP and WebDAV client library
ii  libnspr4-0d             4.6.7-1          NetScape Portable Runtime Library
ii  libnss3-0d              3.11.7-1         Network Security Service libraries
ii  libpam0g                0.99.7.1-3       Pluggable Authentication Modules l
ii  libpango1.0-0           1.16.5-1         Layout and rendering of internatio
ii  libportaudio2           19+svn20070125-1 Portable audio I/O - shared librar
ii  libsm6                  2:1.0.3-1+b1     X11 Session Management library
ii  libsndfile1             1.0.17-3         Library for reading/writing audio 
ii  libstartup-notification 0.9-1            library for program launch feedbac
ii  libstdc++6              4.2.1-4          The GNU Standard C++ Library v3
ii  libstlport4.6c2         4.6.2-3          STLport C++ class library
ii  libx11-6                2:1.0.3-7        X11 client-side library
ii  libxaw7                 2:1.0.4-1        X11 Athena Widget library
ii  libxcursor1             1:1.1.9-1        X cursor management library
ii  libxext6                1:1.0.3-2        X11 miscellaneous extension librar
ii  libxfixes3              1:4.0.3-2        X11 miscellaneous 'fixes' extensio
ii  libxi6                  2:1.1.2-1        X11 Input extension library
ii  libxinerama1            1:1.0.2-1        X11 Xinerama extension library
ii  libxml2                 2.6.30.dfsg-1    GNOME XML library
ii  libxrandr2              2:1.2.1-1        X11 RandR extension library
ii  libxrender1             1:0.9.3-1        X Rendering Extension client libra
ii  libxslt1.1              1.1.22-1         XSLT processing library - runtime 
ii  libxt6                  1:1.0.5-3        X11 toolkit intrinsics library
ii  openoffice.org-common   2.2.1-8          OpenOffice.org office suite archit
ii  ttf-opensymbol          2.2.1-8          The OpenSymbol TrueType font
ii  zlib1g                  1:1.2.3.3.dfsg-5 compression library - runtime

Versions of packages openoffice.org-core recommends:
ii  nfs-common        1:1.1.1~git-20070709-3 NFS support files common to client

Versions of packages openoffice.org-common depends on:
ii  dictionaries-common [openoffi 0.82.0     Common utilities for spelling dict
ii  openoffice.org-style-andromed 2.2.1-8    Default symbol style for OpenOffic

Versions of packages openoffice.org-java-common depends on:
ii  bsh                           2.0b4-6    Java scripting environment (BeanSh
ii  libxalan2-java                2.7.0-5    XSL Transformations (XSLT) process
ii  libxerces2-java               2.9.0-1    Validating XML parser for Java wit
ii  openoffice.org-common         2.2.1-8    OpenOffice.org office suite archit

Versions of packages openoffice.org-core is related to:
pn  firefox             <none>               (no description available)
ii  iceape-browser      1.1.4-1              Iceape Navigator (Internet browser
pn  icedove             <none>               (no description available)
ii  iceweasel           2.0.0.6-1            lightweight web browser based on M
ii  imagemagick         7:6.2.4.5.dfsg1-1    Image manipulation programs
ii  libsane             1.0.19~cvs20070730-1 API library for scanners
ii  libxinerama1        1:1.0.2-1            X11 Xinerama extension library
ii  libxrender1         1:0.9.3-1            X Rendering Extension client libra
pn  openoffice.org-filt <none>               (no description available)
ii  pstoedit            3.44-2               PostScript and PDF files to editab

-- no debconf information
Reply to: