Re: SELinux [was: WG: There is only one problem in OpenOffice....

Sun, 07 Jun 2026 13:00:57 -0700 

Could this be the problem? I think it must be, OpenGrok shows there's
nowhere else in OpenOffice we use PROT_EXEC.

At least on lines 105 and 111 it's granting read, write and execute
permissions together:

File main/bridges/source/cpp_uno/shared/vtablefactory.cxx:

     77 extern "C" void * SAL_CALL allocExec(rtl_arena_type *, sal_Size *
size) {
...
     96     sal_Size n = (*size + (pagesize - 1)) & ~(pagesize - 1);
     97     void * p;
     98 #if defined SAL_UNX
     99     p = mmap(
    100         0, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1,
    101         0);
    102     if (p == MAP_FAILED) {
    103         p = 0;
    104     }
    105     else if (mprotect (static_cast<char*>(p), n, PROT_READ |
PROT_WRITE | PROT_EXEC) == -1)
    106     {
    107         munmap (static_cast<char*>(p), n);
    108         p = 0;
    109     }
    110 #elif defined SAL_W32
    111     p = VirtualAlloc(0, n, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    112 #elif defined(SAL_OS2)
    113     p = 0;
    114     DosAllocMem( &p, n, PAG_COMMIT | PAG_READ | PAG_WRITE |
OBJ_ANY);
    115 #endif
    116     if (p != 0) {
    117         *size = n;
    118     }
    119     return p;
    120 }

There are already some workarounds for SELinux in this directory, but we
probably need more.

Regards
Damjan

On Sun, Jan 11, 2026 at 4:56 PM Arrigo Marchiori <[email protected]> wrote:

> Hello Dean,
>
> On Sun, Jan 11, 2026 at 12:04:38PM +0000, Dean Webber wrote:
>
> > Out of curiosity I made an apparmor profile for soffice, I wanted to
> > see what it did. I ended up logging information using journalctl to
> > compare the general error version (4.1.16) with my known working
> > version (some old release from forever ago).
>
> Thank you for your efforts!
>
> I believe that your "known working version" is in fact a 4.2.xxx, not
> 4.1.yyy, right?
>
> Would it be possible for you to grab the execstack program from
> another source, and try that, please?
>
> Instructions are here:
>
> https://blog.nashcom.de/nashcomblog.nsf/dx/domino-14.5-is-not-supported-on-brand-new-debian-13-trixie.htm
>
> I tried on a Docker instance of Debian 13 and it worked.
> The command is, for your reference:
>
> $ sudo execstack -s /opt/openoffice4/program/soffice.bin
>
> Thank you in advance and best regards,
> --
> Arrigo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>

Reply via email to