Attachment 308307 Details for Bug 448842 – Text dump of the selinux alert notification

Text dump of the selinux alert notification

selinux_alert_3.txt (text/plain), 3.12 KB, created by Nik Lam on 2008-06-03 23:56:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nik Lam

Created: 2008-06-03 23:56:31 UTC

Size: 3.12 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing ld-linux.so.2 from loading
>/usr/lib/libGL.so.1.2.#prelink#.TqjR3p which requires text relocation.
>
>Detailed Description:
>
>The ld-linux.so.2 application attempted to load
>/usr/lib/libGL.so.1.2.#prelink#.TqjR3p which requires text relocation. This is a
>potential security problem. Most libraries do not need this permission.
>Libraries are sometimes coded incorrectly and request this permission. The
>SELinux Memory Protection Tests
>(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
>remove this requirement. You can configure SELinux temporarily to allow
>/usr/lib/libGL.so.1.2.#prelink#.TqjR3p to use relocation as a workaround, until
>the library is fixed. Please file a bug report
>(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
>Allowing Access:
>
>If you trust /usr/lib/libGL.so.1.2.#prelink#.TqjR3p to run correctly, you can
>change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
>'/usr/lib/libGL.so.1.2.#prelink#.TqjR3p'" You must also change the default file
>context files on the system in order to preserve them even on a full relabel.
>"semanage fcontext -a -t textrel_shlib_t
>'/usr/lib/libGL.so.1.2.#prelink#.TqjR3p'"
>
>The following command will allow this access:
>
>chcon -t textrel_shlib_t '/usr/lib/libGL.so.1.2.#prelink#.TqjR3p'
>
>Additional Information:
>
>Source Context                user_u:system_r:prelink_t
>Target Context                user_u:object_r:lib_t
>Target Objects                /usr/lib/libGL.so.1.2.#prelink#.TqjR3p [ file ]
>Source                        ld-linux.so.2
>Source Path                   /lib/ld-2.5.so
>Port                          <Unknown>
>Host                          zaniah.library.usyd.edu.au
>Source RPM Packages           glibc-2.5-24
>Target RPM Packages           
>Policy RPM                    selinux-policy-2.4.6-137.el5
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   allow_execmod
>Host Name                     zaniah.library.usyd.edu.au
>Platform                      Linux zaniah.library.usyd.edu.au 2.6.18-92.el5xen
>                              #1 SMP Tue Apr 29 13:45:57 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Wed 04 Jun 2008 09:48:01 AM EST
>Last Seen                     Wed 04 Jun 2008 09:48:01 AM EST
>Local ID                      2ff8e99a-40ba-4b0b-bb98-7fa2d5f36736
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=zaniah.library.usyd.edu.au type=AVC msg=audit(1212536881.242:730): avc:  denied  { execmod } for  pid=14436 comm="ld-linux.so.2" path="/usr/lib/libGL.so.1.2.#prelink#.TqjR3p" dev=dm-3 ino=66446 scontext=user_u:system_r:prelink_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
>
>host=zaniah.library.usyd.edu.au type=SYSCALL msg=audit(1212536881.242:730): arch=40000003 syscall=125 success=no exit=-13 a0=20d000 a1=68000 a2=5 a3=bf934a10 items=0 ppid=14424 pid=14436 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="ld-linux.so.2" exe="/lib/ld-2.5.so" subj=user_u:system_r:prelink_t:s0 key=(null)
>
>

Actions: View

Attachments on bug 448842: 307001 | 308305 | 308306 | 308307