Attachment 307001 Details for Bug 448842 – Text dump of the selinux alert notification

Text dump of the selinux alert notification

selinux_alert.txt (text/plain), 3.21 KB, created by Nik Lam on 2008-05-29 00:23:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nik Lam

Created: 2008-05-29 00:23:55 UTC

Size: 3.21 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing ld-linux.so.2 from loading
>/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV which requires text relocation.
>
>Detailed Description:
>
>The ld-linux.so.2 application attempted to load
>/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV which requires text relocation.
>This is a potential security problem. Most libraries do not need this
>permission. Libraries are sometimes coded incorrectly and request this
>permission. The SELinux Memory Protection Tests
>(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
>remove this requirement. You can configure SELinux temporarily to allow
>/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV to use relocation as a workaround,
>until the library is fixed. Please file a bug report
>(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
>Allowing Access:
>
>If you trust /usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV to run correctly, you
>can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
>'/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV'" You must also change the
>default file context files on the system in order to preserve them even on a
>full relabel. "semanage fcontext -a -t textrel_shlib_t
>'/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV'"
>
>The following command will allow this access:
>
>chcon -t textrel_shlib_t '/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV'
>
>Additional Information:
>
>Source Context                user_u:system_r:prelink_t
>Target Context                user_u:object_r:lib_t
>Target Objects                /usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV [
>                              file ]
>Source                        ld-linux.so.2
>Source Path                   /lib/ld-2.5.so
>Port                          <Unknown>
>Host                          zaniah.library.usyd.edu.au
>Source RPM Packages           glibc-2.5-24
>Target RPM Packages           
>Policy RPM                    selinux-policy-2.4.6-137.el5
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   allow_execmod
>Host Name                     zaniah.library.usyd.edu.au
>Platform                      Linux zaniah.library.usyd.edu.au 2.6.18-92.el5 #1
>                              SMP Tue Apr 29 13:16:12 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Thu 29 May 2008 10:09:33 AM EST
>Last Seen                     Thu 29 May 2008 10:09:33 AM EST
>Local ID                      9a265707-0b27-4857-9dc1-4c5094e36e00
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=zaniah.library.usyd.edu.au type=AVC msg=audit(1212019773.685:244): avc:  denied  { execmod } for  pid=25764 comm="ld-linux.so.2" path="/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Cjl0lV" dev=dm-3 ino=66552 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
>
>host=zaniah.library.usyd.edu.au type=SYSCALL msg=audit(1212019773.685:244): arch=40000003 syscall=125 success=no exit=-13 a0=110000 a1=7c000 a2=5 a3=bfc1fcf0 items=0 ppid=25755 pid=25764 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=18 comm="ld-linux.so.2" exe="/lib/ld-2.5.so" subj=user_u:system_r:prelink_t:s0 key=(null)
>
>

Actions: View

Attachments on bug 448842: 307001 | 308305 | 308306 | 308307