all the .bin files in /usr/lib/openoffice/program get improperly labelled as lib_t. This is a bug in the sec-policy/selinux-base-policy. I found the context that is supposed to take care of this: /usr/lib/openoffice\.org.*/program/.+\.bin -- system_u:object_r:unconfined_execmem_exec_t I'm guessing that in between openoffice releases, the directory was changed to /usr/lib/openoffice/program/*.bin I'm not sure how to relabel all the .bin files (the asterisk didn't work), so I just entered all the .bin files manually. Ex: /usr/lib/openoffice/program/soffice.bin -- system_u:object_r:unconfined_execmem_exec_t. I fixed this by editing the unconfined.fc line in refpolicy-20061114.tar.bz2. Reproducible: Always Steps to Reproduce: 1.Install openoffice 2.Attempt to run openoffice (will complain about improper binary format) 3.ls --lcontext /usr/lib/openoffice/program | grep \.bin Actual Results: Openoffice failed with this avc message: audit(1167320262.814:1427): avc: denied { execmem } for pid=22984 comm="soffice.bin" scontext=root:system_r:unconfined_t tcontext=root:system_r:unconfined_t tclass=process Expected Results: Run soffice.bin labelled as unconfined_execmem_exec_t.
this may be a amd64 only problem, I had to change it to /usr/lib64 instead of /usr/lib otherwise it didn't get labelled.
closing old bugs. should be fixed in newer policies, please open a new bug if this is not the case
