
Dropbox and SELinux

November 13th, 2010

OK, so Dropbox isn't 100% Open Source, but I'm a pragmatic kinda guy and I do love Dropbox. However, Dropbox doesn't seem to like SELinux.

I know it's so tempting to reach for the “turn off SELinux” switch, but wait: it's actually very simple to make SELinux allow Dropbox to work.

It turns out that Dropbox tries to do some naughty stuff that SELinux is there to protect us from – namely executing out of the memory buffer. This type of thing is usually done by programs trying to do malicious things on the system, and happily SELinux protects us from this – but that prevents Dropbox from running.

How to Fix It

There is a nice and simple way to fix this, and no, I don't mean disable SELinux ;-)

There is a boolean that you could flip that turns off this protection – namely allow_execstack

sudo setsebool allow_execstack 1

However, this is going way too far, as you are now allowing any process to execute from the stack, which isn't a good idea.

The best way is to tell SELinux that you just want Dropbox to be able to do this and nothing else. You do this by labelling the executable file, in this case /usr/bin/dropbox, as type execmem_exec_t.

You can do this with a quick chcon, but that's not the best way to do it. The following two lines will fix Dropbox to work with SELinux:

sudo semanage fcontext -a -t unconfined_execmem_exec_t /usr/bin/dropbox
sudo restorecon -v /usr/bin/dropbox

Now if you take a look at the SELinux context of the file, you can see it's got the right label:

ls -lZ /usr/bin/dropbox
-rwxr-xr-x. root root system_u:object_r:execmem_exec_t:s0 /usr/bin/dropbox

If you spend a little time understanding the basics of SELinux (file contexts and booleans), you will find it is quite straightforward to work on a system with SELinux turned on.

If you are interested in learning more about this stuff, check out the Dan Walsh blog.

OSG
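
To see which file is actually asking for an executable stack before changing any policy, the marking can be read straight from the ELF program headers. This is an added example, not code from the original post or from Dropbox; stack_marking and sample_elf are illustrative names, and the sample bytes are constructed.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header that records the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_marking(elf: bytes) -> str:
    """Return 'X', '-' or '?', the same three answers `execstack -q` gives."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = elf[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if elf[5] == 1 else ">"       # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", elf, 32)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 54)
    else:
        (phoff,) = struct.unpack_from(e + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(e + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags sits at offset 4 in Elf64_Phdr but offset 24 in Elf32_Phdr
            (flags,) = struct.unpack_from(e + "I", elf, off + (4 if is64 else 24))
            return "X" if flags & PF_X else "-"
    return "?"  # no marker: the kernel or loader default decides

def sample_elf(p_flags: int, bits: int = 64) -> bytes:
    """Constructed sample: a bare ELF header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([bits // 32, 1, 1]) + bytes(9)
    if bits == 64:
        ehdr = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, p_flags, 0, 0, 0, 0, 0, 16)
    else:
        ehdr = struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, p_flags, 16)
    return ident + ehdr + phdr

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:             # files to check, given on the command line
        with open(path, "rb") as fh:
            print(stack_marking(fh.read()), path)
    print(stack_marking(sample_elf(0x7)), "constructed RWX sample")
    print(stack_marking(sample_elf(0x6)), "constructed RW sample")
```

A file reported as X is one that requests an executable stack; narrowing the exception to that file keeps the protection in place for everything else.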

  1. November 13th, 2010 at 15:58 | #1

    Heh. Dropbox seems to work fine on stock F14. I am guessing that has SELinux enabled out of the box, right?

  2. admin
    November 13th, 2010 at 16:39 | #2

    Yes, Enforcing out of the box, unless you chose not to. Are you running 64bit? Just do a quick “getenforce” to see if you are enforcing.

  3. November 13th, 2010 at 16:57 | #3

    Nope. 32bit.

    [fabsh@serenity ~]$ getenforce
    Enforcing

    Dropbox works without errors AFAIK.

  4. admin
    November 14th, 2010 at 03:53 | #4

    Seems the version I got and a few others was “wrongly compiled”. See the comment by N.N. in this thread http://forums.dropbox.com/topic.php?id=26808&replies=24#post-170197

  5. Huw
    January 13th, 2011 at 13:01 | #5

    Thanks very much for sharing. I had this trouble when installing on F14 – which I am new to – and I appreciate your explanation. All too often people assume that random instructions to execute this or that command are somehow helpful, when what really settles the mind of someone who is stuck is a concise solution with justification for the actions recommended – and in this case even a reference to further information. Excellent, thanks.

    Aside – I’m surprised at how little instruction there is on the actual dropbox site, given how long they’ve known about this. (Read: disappointed – I’ve been singing their praises to everyone who’ll listen).

    Huw.

  6. Huw
    January 13th, 2011 at 23:31 | #6

    @Huw
    Should probably have mentioned: Fedora 14_64-bit, Dropbox 1.0.10

  7. admin
    January 16th, 2011 at 04:16 | #7

    Hi Huw

    Thanks for the comments, it's always good to know if people find this site helpful. And it looks like you have cleared up a mystery of why it worked for Fab with no problems and didn't work for you and me. I think it's because you and I are using 64bit Fedora 14 and Fab is using 32bit.

    Thanks, OSG

  8. February 8th, 2011 at 08:38 | #8

    From here: http://forums.dropbox.com/topic.php?id=26808&replies=22#post-169211

    Just change the SELinux flag on the ctypes library that is shipped w/ Dropbox.

    cd ~/.dropbox-dist
    execstack -c _ctypes.so

    ctypes doesn’t *need* to run from the stack, and so this just removes the flag. The result is, not even Dropbox has to execute from the stack.

  9. admin
    February 8th, 2011 at 12:32 | #9

    excellent, thanks for the info Derek

  10. Dallas
    March 7th, 2011 at 19:45 | #10

    Thanks! I’ve been so bummed after switching to Fedora only for the fact that I couldn’t get Dropbox working. Found this just in time, was this || close to switching back to Ubuntu.

    Thanks!

  11. October 27th, 2011 at 12:41 | #11

    thx Derek!

  12. Jim
    March 1st, 2012 at 04:30 | #12

    Neither of the fixes in the main article or posted by Derek work for me. It is asking for the root password, right? (The prompt only says “your password.”)

    Fedora 16 x64, Dropbox 1.2.52.
