Attachment 316934 Details for Bug 462581 – output of sealert

output of sealert

sealert-report.txt (text/plain), 3.33 KB, created by Milos Malik on 2008-09-17 10:32:45 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Milos Malik

Created: 2008-09-17 10:32:45 UTC

Size: 3.33 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing f771 from loading
>/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 which requires text relocation.
>
>Detailed Description:
>
>The f771 application attempted to load
>/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 which requires text relocation.
>This is a potential security problem. Most libraries do not need this
>permission. Libraries are sometimes coded incorrectly and request this
>permission. The SELinux Memory Protection Tests
>(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
>remove this requirement. You can configure SELinux temporarily to allow
>/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 to use relocation as a workaround,
>until the library is fixed. Please file a bug report
>(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
>Allowing Access:
>
>If you trust /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 to run correctly, you
>can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
>'/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771'" You must also change the
>default file context files on the system in order to preserve them even on a
>full relabel. "semanage fcontext -a -t textrel_shlib_t
>'/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771'"
>
>The following command will allow this access:
>
>chcon -t textrel_shlib_t '/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771'
>
>Additional Information:
>
>Source Context                root:system_r:initrc_t
>Target Context                system_u:object_r:bin_t
>Target Objects                /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 [
>                              file ]
>Source                        f771
>Source Path                   /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771
>Port                          <Unknown>
>Host                          ia64-5s-2-m1.lab.bos.redhat.com
>Source RPM Packages           compat-gcc-34-g77-3.4.6-4
>Target RPM Packages           compat-gcc-34-g77-3.4.6-4
>Policy RPM                    selinux-policy-2.4.6-137.1.el5_2
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   allow_execmod
>Host Name                     ia64-5s-2-m1.lab.bos.redhat.com
>Platform                      Linux ia64-5s-2-m1.lab.bos.redhat.com
>                              2.6.18-92.el5 #1 SMP Tue Apr 29 13:18:26 EDT 2008
>                              ia64 ia64
>Alert Count                   11
>First Seen                    Wed Sep 17 06:00:09 2008
>Last Seen                     Wed Sep 17 06:14:54 2008
>Local ID                      1f6a558b-e946-447f-90b7-74efd8c784d7
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=ia64-5s-2-m1.lab.bos.redhat.com type=AVC msg=audit(1221646494.130:37974): avc:  denied  { execmod } for  pid=20746 comm="f771" path="/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771" dev=sda2 ino=16221632 scontext=root:system_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
>
>host=ia64-5s-2-m1.lab.bos.redhat.com type=SYSCALL msg=audit(1221646494.130:37974): arch=c0000032 syscall=1155 success=no exit=-13 a0=4000000000000000 a1=844000 a2=5 a3=200000000004e330 items=0 ppid=20745 pid=20746 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=6280 comm="f771" exe="/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771" subj=root:system_r:initrc_t:s0 key=(null)
>
>
>

Actions: View

Attachments on bug 462581: 316934 | 328353