Attachment 308306 Details for Bug 448842 – Text dump of the selinux alert notification

Text dump of the selinux alert notification

selinux_alert_2.txt (text/plain), 3.21 KB, created by Nik Lam on 2008-06-03 23:56:03 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nik Lam

Created: 2008-06-03 23:56:03 UTC

Size: 3.21 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing ld-linux.so.2 from loading
>/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8 which requires text relocation.
>
>Detailed Description:
>
>The ld-linux.so.2 application attempted to load
>/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8 which requires text relocation.
>This is a potential security problem. Most libraries do not need this
>permission. Libraries are sometimes coded incorrectly and request this
>permission. The SELinux Memory Protection Tests
>(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
>remove this requirement. You can configure SELinux temporarily to allow
>/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8 to use relocation as a workaround,
>until the library is fixed. Please file a bug report
>(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
>Allowing Access:
>
>If you trust /usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8 to run correctly, you
>can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
>'/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8'" You must also change the
>default file context files on the system in order to preserve them even on a
>full relabel. "semanage fcontext -a -t textrel_shlib_t
>'/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8'"
>
>The following command will allow this access:
>
>chcon -t textrel_shlib_t '/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8'
>
>Additional Information:
>
>Source Context                user_u:system_r:prelink_t
>Target Context                user_u:object_r:lib_t
>Target Objects                /usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8 [
>                              file ]
>Source                        ld-linux.so.2
>Source Path                   /lib/ld-2.5.so
>Port                          <Unknown>
>Host                          zaniah.library.usyd.edu.au
>Source RPM Packages           glibc-2.5-24
>Target RPM Packages           
>Policy RPM                    selinux-policy-2.4.6-137.el5
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   allow_execmod
>Host Name                     zaniah.library.usyd.edu.au
>Platform                      Linux zaniah.library.usyd.edu.au 2.6.18-92.el5xen
>                              #1 SMP Tue Apr 29 13:45:57 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Wed 04 Jun 2008 09:46:19 AM EST
>Last Seen                     Wed 04 Jun 2008 09:46:19 AM EST
>Local ID                      2e9de4fc-5cef-4a3c-9c56-bd8748323361
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=zaniah.library.usyd.edu.au type=AVC msg=audit(1212536779.862:729): avc:  denied  { execmod } for  pid=31503 comm="ld-linux.so.2" path="/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.8jhLV8" dev=dm-3 ino=66260 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
>
>host=zaniah.library.usyd.edu.au type=SYSCALL msg=audit(1212536779.862:729): arch=40000003 syscall=125 success=no exit=-13 a0=1ed000 a1=7c000 a2=5 a3=bfaf53c0 items=0 ppid=31493 pid=31503 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="ld-linux.so.2" exe="/lib/ld-2.5.so" subj=user_u:system_r:prelink_t:s0 key=(null)
>
>

Actions: View

Attachments on bug 448842: 307001 | 308305 | 308306 | 308307