Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 234332 - F-Secure Policy Manager doesn't run in a SELinux environment
Summary: F-Secure Policy Manager doesn't run in a SELinux environment
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2007-03-28 15:33 UTC by Răzvan Sandu
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: 2.5.11-4.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-07-17 22:26:45 UTC

Attachments (Terms of Use)

Description Răzvan Sandu 2007-03-28 15:33:59 UTC
Description of problem:

Some components of the F-Secure antivirus suite (Policy Manager and Management
Console) doesn't run with the default SELinux targeted policy.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. Install a clean FC6 + updates (28.03.2007), with SELinux targeted policy,
enforcing mode.
2. Install the above RPMs, available from http;//
3. Try to start installed services (Policy Manager). Service doesn't start.
4. Disable SELinux and retry to start services. Services now start.

Actual results:
Program does not perform as specified in a SELinux environment.

Expected results:
Program should perform as specified when SELinux is enabled.

Additional info:
Red Hat Enterprise Linux is mentioned as a supported OS by F-Secure.

Comment 1 Daniel Walsh 2007-03-28 20:17:57 UTC
What avc messages are you seeing in your log files?


Comment 2 Răzvan Sandu 2007-04-02 06:39:44 UTC

I can't respond to the above question right now (I don't have the testing
machine at hand).

However, this is the official answer I've got from F-Secure developer in Finland:


Confirmed while testing on FC6 with selinux configured to enforcing + targeted








Executing "/etc/init.d/fspms start" generated folllowing error:


"Cannot load /opt/f-secure/fspms/libexec/ into server:
/opt/f-secure/fspms/libexec/ cannot restore segment prot after
reloc: Permission denied"



... avc: denied { execmod } for pid=2879 comm="fspms" name="" ....



and per instructions, executed the following:


# /usr/sbin/semanage fcontext -a -t textrel_shlib_t

# /sbin/restorecon -v /opt/f-secure/fspms/libexec/


Now, when I stopped and started fspms, no problems noted and no avc errors in
syslog. Accessing both admin and host-port via localhost 80 and 8080 worked, too.


Comment 3 Răzvan Sandu 2007-04-04 11:49:33 UTC
A bug regarding this was also created on F-Secure's website:

Number: 1-101072186
Created: 4.4.2007 14:38:24
Subject: F-Secure Policy Manager doesn't run in the default SELinux environment


Comment 4 Daniel Walsh 2007-04-05 14:45:43 UTC
Fixed in selinux-policy-2.5.11-4.fc7

Note You need to log in before you can comment on or make changes to this bug.