Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 316934 Details for
Bug 462581
SELinux is preventing f771 from loading /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 which requires text relocation
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
output of sealert
sealert-report.txt (text/plain), 3.33 KB, created by
Milos Malik
on 2008-09-17 10:32:45 UTC
(
hide
)
Description:
output of sealert
Filename:
MIME Type:
Creator:
Milos Malik
Created:
2008-09-17 10:32:45 UTC
Size:
3.33 KB
patch
obsolete
> >Summary: > >SELinux is preventing f771 from loading >/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 which requires text relocation. > >Detailed Description: > >The f771 application attempted to load >/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 which requires text relocation. >This is a potential security problem. Most libraries do not need this >permission. Libraries are sometimes coded incorrectly and request this >permission. The SELinux Memory Protection Tests >(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to >remove this requirement. You can configure SELinux temporarily to allow >/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 to use relocation as a workaround, >until the library is fixed. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >If you trust /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 to run correctly, you >can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t >'/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771'" You must also change the >default file context files on the system in order to preserve them even on a >full relabel. "semanage fcontext -a -t textrel_shlib_t >'/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771'" > >The following command will allow this access: > >chcon -t textrel_shlib_t '/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771' > >Additional Information: > >Source Context root:system_r:initrc_t >Target Context system_u:object_r:bin_t >Target Objects /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 [ > file ] >Source f771 >Source Path /usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771 >Port <Unknown> >Host ia64-5s-2-m1.lab.bos.redhat.com >Source RPM Packages compat-gcc-34-g77-3.4.6-4 >Target RPM Packages compat-gcc-34-g77-3.4.6-4 >Policy RPM selinux-policy-2.4.6-137.1.el5_2 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_execmod >Host Name ia64-5s-2-m1.lab.bos.redhat.com >Platform Linux ia64-5s-2-m1.lab.bos.redhat.com > 2.6.18-92.el5 #1 SMP Tue Apr 29 13:18:26 EDT 2008 > ia64 ia64 >Alert Count 11 >First Seen Wed Sep 17 06:00:09 2008 >Last Seen Wed Sep 17 06:14:54 2008 >Local ID 1f6a558b-e946-447f-90b7-74efd8c784d7 >Line Numbers > >Raw Audit Messages > >host=ia64-5s-2-m1.lab.bos.redhat.com type=AVC msg=audit(1221646494.130:37974): avc: denied { execmod } for pid=20746 comm="f771" path="/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771" dev=sda2 ino=16221632 scontext=root:system_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file > >host=ia64-5s-2-m1.lab.bos.redhat.com type=SYSCALL msg=audit(1221646494.130:37974): arch=c0000032 syscall=1155 success=no exit=-13 a0=4000000000000000 a1=844000 a2=5 a3=200000000004e330 items=0 ppid=20745 pid=20746 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=6280 comm="f771" exe="/usr/libexec/gcc/ia64-redhat-linux/3.4.6/f771" subj=root:system_r:initrc_t:s0 key=(null) > > >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 462581
: 316934 |
328353