Hello, I am a linux newbie and I have a problem opening Ardour. My SE Linux will not allow ardour to open.
This is the description of the problem as given by SE Linux
“The /usr/lib/ardour2/ardour-2.1 application attempted to load /usr/lib/libjack.so.0.0.23 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/libjack.so.0.0.23 to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.”
Allowing access says:
"If you trust /usr/lib/libjack.so.0.0.23 to run correctly, you can change the file context to textrel_shlib_t. “chcon -t textrel_shlib_t /usr/lib/libjack.so.0.0.23” You must also change the default file context files on the system in order to preserve them even on a full relabel. “semanage fcontext -a -t textrel_shlib_t /usr/lib/libjack.so.0.0.23”
You appear to be running a security-hardened linux variant (SElinux). That may be giving you the grief mentioned above. I’m not saying ardour is insecure, but by design it uses the computer differently than a “ultra-secure” system might want to let you.
Realtime access and memory locking come to mind as things that would be a bad idea on, say, a bank’s server or a server on the big bad internet, but are really cool for your music studio 'puter. Are there others out there running SElinux with ardour?
It’s Fedora, which installs with SELinux by default. I don’t know anything about it really, except for the fact that there is a way to change the settings, although the easiest is to set SELinux to “permissive” (as opposed to “enforcing”) or turn it off completely. I would recommend disabling it completely since you’re running a sound setup. I wouldn’t imagine you’d need SELinux if you’re not hosting a server or anything like that where you are at risk of being hacked. I just found this little snippet:
If you’re not sure if SELinux is disabled enter:
cat /etc/selinux/config | grep ^SELINUX=
Disable SELinux if it is enabled:
vi /etc/selinux/config
(if you don’t want to use vi, try gedit, or your favorite text editor)
Set
SELINUX=enforcing
to
SELINUX=disabled
Afterwards reboot the system
I’d like to hear if this helps at all. Oh by the way, you’ll probably need to be root to do this (or have root privileges).
where did you get this version of JACK from? what version of fedora?
i run Fedora (FC5 + FC6) with SELinux and I have not seen this problem. i have also not seen it reported before. it could also be something new in a recent version of Fedora/SELinux that was not present in earlier versions.
you actually don’t need to do any fiddling with a command prompt to change selinux settings in fedora. one of my boxes is fedora 7 ppc. if you go to the system menu -> administration -> selinux management, you can easily change selinux settings. i have had some goofiness, though i don’t remember specifics, when trying to run jack with selinux set to ‘enforcing’. however, using ‘permissive’ or obviously ‘disabled’ has given me no trouble at all.