在 Fedora 上安装 Adobe Reader (最新版本 9.4) 本来是非常简单的一件事,很久以前我装过一次,今天在新系统上第二次装,竟然花了两个小时。
最主要的原因是我下载了错误的文件,我以为老马识途,没仔细看下载了一个 bin 文件,安装后尝试着执行被 SELinux 阻止。
Summary:
SELinux is preventing /opt/Adobe/Reader9/Reader/intellinux/bin/acroread from
making the program stack executable.Detailed Description:
The acroread application attempted to make its stack executable. This is a
potential security problem. This should never ever be necessary. Stack memory is
not executable on most OSes these days and this will not change. Executable
stack memory is one of the biggest security problems. An execstack error might
in fact be most likely raised by malicious code. Applications are sometimes
coded incorrectly and request this permission. The SELinux Memory Protection
Tests (http://www.akkadia.org/drepper/selinux-mem.html) web page explains how to
remove this requirement. If acroread does not work and you need it to work, you
can configure SELinux temporarily to allow this access until the application is
fixed. Please file a bug report.Allowing Access:
Sometimes a library is accidentally marked with the execstack flag, if you find
a library with this flag you can clear it with the execstack -c LIBRARY_PATH.
Then retry your application. If the app continues to not work, you can turn the
flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust acroread to
run correctly, you can change the context of the executable to execmem_exec_t.
“chcon -t execmem_exec_t ‘/opt/Adobe/Reader9/Reader/intellinux/bin/acroread'”
You must also change the default file context files on the system in order to
preserve them even on a full relabel. “semanage fcontext -a -t execmem_exec_t
‘/opt/Adobe/Reader9/Reader/intellinux/bin/acroread'”Fix Command:
chcon -t execmem_exec_t ‘/opt/Adobe/Reader9/Reader/intellinux/bin/acroread’
SELinux 非常友好,但我这次尝试着它的建议 chcon -t execmem_exec_t ‘/opt/Adobe/Reader9/Reader/intellinux/bin/acroread’ 无济于事。
最后,我重上 adobe 网站,发现还有 rpm 可供下载,有 rpm 当然用 rpm 啦,这次安装一次成功。
PS: 如要卸载,yum erase AdobeReader_enu