How to make SELinux trust the Squish IDE

Last edited on

On Linux systems with SELinux enabled (such as Fedora), starting up the IDE may fail with an exit code of -1. The error dialog will typically contain text such as this:

JVM terminated. Exit code=-1
-Djava.class.path=/home/user/squishide-4.0.2/plugins/org.eclipse.equinox.launcher_1.0.201.R35x_v20090715.jar
-os linux
-ws gtk
-arch x86
-showsplash
-launcher /home/user/squishide-4.0.2/squishide
-name Squishide
--launcher.library /home/user/squishide-4.0.2/plugins/org.eclipse.equinox.launcher.gtk.linux.x86_1.0.200.v20090520/eclipse_1206.so
-startup /home/user/squishide-4.0.2/plugins/org.eclipse.equinox.launcher_1.0.201.R35x_v20090715.jar
-vm /home/user/squishide-4.0.2/jre/bin/../lib/i386/client/libjvm.so
-vmargs
-Djava.class.path=/home/user/squishide-4.0.2/plugins/org.eclipse.equinox.launcher_1.0.201.R35x_v20090715.jar

If the Squish IDE was started from a console, in addition an error message similar to the following will be output:

/home/user/squishide-4.0.2/jre/bin/../lib/i386/client/libjvm.so: cannot enable executable stack as shared object requires: Permission denied

Furthermore, the SELinux Troubleshooter application may also show an SELinux Security Alert similar to this:

SELinux is preventing /home/user/squishide-4.0.2/squishide from making the program stack executable.

The problem is caused by the library libjvm.so which needs to be run with an executable stack, something that SELinux will not permit a library to do by default.

The solution is to tell SELinux to allow the library to have an executable stack. This is done by running the chcon command as follows (but obviously replacing the path to the Squish IDE with your own system’s path):

chcon -t execmem_exec_t /home/user/squishide-4.0.2/squishide

See also: "… cannot restore segment prot after reloc Permission denied”.