Bug 148773

Summary: gpg avc in selinux-policy-targeted-1.21.12-3
Product: [Fedora] Fedora Reporter: sangu <sangu.fedora>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: llamaofdeath
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-targeted-1.21.13-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-02-17 09:24:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description sangu 2005-02-15 15:19:50 UTC 
Description of problem:
$gpg
gpg: error while loading shared libraries: cannot apply additional memory
protection after relocation: Permission denied

in dmesg
audit(1108480571.285:0): avc:  denied  { execmod } for  pid=4230 comm=gpg
path=/usr/bin/gpg dev=hda8 ino=326698 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.12-3

How reproducible:
always

Steps to Reproduce:
1. Excute gpg
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Aaron 2005-06-16 13:25:36 UTC 
Yeah, I'm getting the memory protection after relocation error too. Ever since I
updated my FC3 and restarted. It also hangs after the network monitoring tool
thing starts.

I try to start xchat, and I get "xchat: error while loading shared libraries:
/lib/libutil.so.1: cannot apply additional memory protection after relocation:
Permission denied"

I recently turned up my cpu speed, its a 3.2 going on 2.1, I think the bastards
gave me a cheap motherboard that can't handle it, the entire computer would
freak on anything near 2.5ghz.
Comment 2 Daniel Walsh 2005-06-16 20:32:04 UTC 
Upgrade to the latest policy 1.17.30-3.9  should fix this.

Dan
Comment 3 Vaclav "sHINOBI" Misek 2005-06-23 19:27:57 UTC 
It seems, that the similar problem reappeared with testing version
selinux-policy-targeted-1.17.30-3.13. with Vexira Antivirus. It seems to be
working without problems under 1.17.30-3.9.

./vascan: error while loading shared libraries: /lib/tls/libpthread.so.0: cannot
apply additional memory protection after relocation: Permission denied

kernel: audit(1119554680.680:0): avc:  denied  { execmod } for  pid=12967
comm=vascan path=/lib/tls/libpthread-2.3.5.so dev=dm-0 ino=11796488
scontext=root:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Is it the same problem, or should I enter it as the new bug# ?
Comment 4 Daniel Walsh 2005-06-24 11:17:56 UTC 
restorecon -R -v /lib/tls should fix the settings, and you do have
the allow_execmod boolean set?

Dan