Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 177097 - Wine fails to execute any windows programs
Summary: Wine fails to execute any windows programs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-06 10:34 UTC by Hans de Goede
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version: 2.1.13-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-21 01:43:48 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Hans de Goede 2006-01-06 10:34:43 UTC 
This is on x86_64 but using the i386 version of wine!

To reproduce download the latest wine rpms for FC4 from www.wineHQ.com (0.9.2),
and install.

Download DCOM98.EXE (this legally requires a windows license to run!) :
wget
http://download.microsoft.com/download/d/1/3/d13cd456-f0cf-4fb2-a17f-20afc79f8a51/DCOM98.EXE

Now try to install it:
WINEDLLOVERRIDES="ole32=n" wine DCOM98.EXE

It fails with a debug trace, interesting stuff is realy in /var/log/audit:

4041): avc:  denied  { execmod } for  pid=8547 comm="wine-preloader"
name="DCOM98.EXE" dev=dm-1 ino=3113147 scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=file
4041): arch=40000003 syscall=125 success=no exit=-13 a0=1001000 a1=9000 a2=5
a3=1001000 items=0 pid=8547 auid=4294967295 uid=500 gid=500 euid=500 egid=500
sgid=500 fsgid=500 comm="wine-preloader" exe="/usr/bin/wine-preloader"

Doing:

chcon -t textrel_shlib_t ~hans/DCOM98.EXE

causes it to get a bit further, DCOM98.EXE is a self extracting and running
setup executable, the extracted executables from the archive however ofcourse
don't have the textrel_shlib_t type and thus it fails a bit further when trying
to execute install.exe:

4863): avc:  denied  { execmod } for  pid=9144 comm="wine-preloader"
name="install.exe" dev=dm-1 ino=3276919 scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=file
4863): arch=40000003 syscall=125 success=no exit=-13 a0=1001000 a1=b000 a2=5
a3=1001000 items=0 pid=9144 auid=4294967295 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 comm="wine-preloader"
exe="/usr/bin/wine-preloader"


Hope this is enough info for you to fix it.
Comment 1 Daniel Walsh 2006-01-06 13:28:11 UTC 
Try turning on allow_execmod boolean

setsebool -P allow_execmod=1
Comment 2 Hans de Goede 2006-01-06 13:49:29 UTC 
That works, which is strange because inspired by a bugzilla query I did:

for i in `rpm -ql wine|grep /bin`; do chcon -t java_exec_t $i;  done

And java needs allow_execmod too right?

Anyways yes that works.
Comment 3 Daniel Walsh 2006-01-06 14:32:33 UTC 
No it allows execmem.  We need a better solution for wine, but this works for now.
Comment 4 Hans de Goede 2006-01-06 14:54:38 UTC 
Erm, if we need a better solution then how is this not a bug?

Also since wine is in extras now (see bug 171526), this is a real problem since
the targeted policy is enabled by default now a days and one would expect wine
from FE to work out of the box.

Reopening.
Comment 5 Daniel Walsh 2006-01-06 15:10:03 UTC 
Actually if you want to run execmod applications in your homedir you need to set
allow_execmod.

If you want the exe labeled correctly they should be installed in /usr/lib/wine
directory as a .s0 file.  They you could restorecon -R /usr/lib/wine 

To set them up correctly.  

If they do not work labeled as .so I could add a file_context match on \*.exe
Comment 6 Hans de Goede 2006-01-06 15:16:38 UTC 
Daniel Walsh wrote:
> Actually if you want to run execmod applications in your homedir you need to
set allow_execmod.

What I want is a wine which works out of the box with the targeted policy. Isn't
it possible to create a type for the wine binaries so that they are allowed todo
execmod on any file? Just like java is given a type which allows it to always do
execmem.
Comment 7 Daniel Walsh 2006-01-06 15:26:46 UTC 
Yes.  Do you know if wine needs execmem?
Comment 8 Hans de Goede 2006-01-06 20:17:05 UTC 
Well it works with the default targeted policy after doing the "setsebool -P
allow_execmod=1" so I guess it doesn't need execmem.
Comment 9 Andreas Bierfert 2006-01-18 10:05:22 UTC 
Where are we on this one? Anything new or anything I should test/check?
Comment 10 Daniel Walsh 2006-01-18 16:43:53 UTC 
Latest policy should be working.

selinux-policy-targeted-2.1.13-1
Note You need to log in before you can comment on or make changes to this bug.