From: guido@trentalancia.com (Guido Trentalancia) Date: Mon, 21 Mar 2011 00:09:46 +0100 Subject: [refpolicy] text relocations for Altera Quartus II In-Reply-To: <20110320221223.5f5acb00@city-fan.org> References: <1300471770.14419.23.camel@tesla.lan> <201103191044.51855.russell@coker.com.au> <1300546556.3034.17.camel@tesla.lan> <20110320221223.5f5acb00@city-fan.org> Message-ID: <1300662586.3108.22.camel@tesla.lan> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi Paul, thanks for sharing your experience. On Sun, 2011-03-20 at 22:12 +0000, Paul Howarth wrote: > On Sat, 19 Mar 2011 15:55:56 +0100 > Guido Trentalancia wrote: > > > Hello Russell ! > > > > On Sat, 19/03/2011 at 10.44 +1100, Russell Coker wrote: > > > On Sat, 19 Mar 2011, Guido Trentalancia > > > wrote: > > > > Up until the beginning of this year the Altera Quartus II > > > > (free/web edition) for Linux was requiring text relocations on > > > > most of the dynamic libraries shipped with the package (not open > > > > source). Many people on the Altera forum were just disabling > > > > SELinux and to the best of my knowledge Altera did not provide > > > > fixed binaries. > > > > > > > > If it is of any interest to anybody, I could do some more detailed > > > > research and get back with the list of files that would need to > > > > be added to system/libraries.fc (provided that the installer has > > > > a default location which I cannot remember now). > > > > > > Why would we want to add support for such non-free software? > > > > The web edition is free software. It is not open-source. > > > > In any case, the following should be considered: > > - it hasn't got an equivalent (at present there are packages in > > libraries.fc that have open-source equivalents, e.g. Acrobat Reader, > > Realplayer); > > - it is software from a vendor to support its own hardware products, > > so it's very specific; > > - users are unable to run it and are therefore are disabling SELinux > > which is worse; > > - it is widely used in universities and distributed for free with RTL > > design books; > > - I do not care personally as my installation had been fixed locally > > long time ago within seconds. > > > > > That seems likely to get us more uncontrolled growth in .fc entries > > > and less benefit than most things that we might do, particularly as > > > they have an "installer" rather than using .deb or .rpm. > > > > Well, if the installer has a default base installation path, then > > there won't me much difference... > > > > > Why not just write a blog post about how the user can run chcon > > > after installation and also describe how Altera could fix their > > > build environment? > > > > Done already on the Altera forum. But no reply from Altera. I am not > > connected with them in any way, it's just something that I need to > > use. For fairness now, I shall mention that a similar products from > > Xilinx are also available. > > I got some similar file contexts for EMC NetWorker (an "enterprise" > backup solution) added in Fedora and RHEL just by posting on > fedora-selinux-list. That was another vendor that was suggesting to > turn off SELinux for the want of a few context fixes (they actually > package their software in RPMs so the contexts are set up correctly on > install now, which is completely painless :-)). To the best of my knowledge Altera has never suggested to disable SELinux (or to enable it). Users on the forum were suggesting that as mutual help. It's just a minor thing though. Because we'll never reach an end if we were to test and support every application that is available for Linux. Regards, Guido