Bug 184078

Summary: avc denied for execmod at rebuilding binutils
Product: [Fedora] Fedora Reporter: Robert Scheck <redhat-bugzilla>
Component: binutilsAssignee: Jakub Jelinek <jakub>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: drepper
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-09 16:14:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2006-03-05 23:18:43 UTC 
Description of problem:
While rebuilding the latest binutils, I got the following avc denied in syslog:

type=AVC msg=audit(1141489440.959:890440): avc:  denied  { execmod } for  
pid=2245 comm="vnp" name="vnp.so" dev=cciss/c0d0p2 ino=2048570 scontext=user_u:
system_r:unconfined_t:s0-s0:c0.c255 tcontext=user_u:object_r:src_t:s0 
tclass=file
type=SYSCALL msg=audit(1141489440.959:890440): arch=40000003 syscall=125 
success=yes exit=0 a0=e63000 a1=2000 a2=5 a3=bfa29de0 items=0 pid=2245 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="vnp" exe="/usr/
src/rpm/BUILD/binutils-2.16.91.0.6/build-i386-redhat-linux/ld/tmpdir/vnp"
type=AVC_PATH msg=audit(1141489440.959:890440):  path="/usr/src/rpm/BUILD/
binutils-2.16.91.0.6/build-i386-redhat-linux/ld/tmpdir/vnp.so"

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.21
binutils-2.16.91.0.6-3

How reproducible:
Everytime, try to rebuild binutils.

Actual results/Expected results:
I don't know what to expect...is above a misbehaviour of binutils or a problem 
which can't be triggered?
Comment 3 Daniel Walsh 2006-05-09 16:08:04 UTC 
This library should not require execmod.  It should be fixed.

http://people.redhat.com/~drepper/selinux-mem.html

Explains the problem
Comment 4 Jakub Jelinek 2006-05-09 16:14:02 UTC 
It of course should, it is testing that to the extent that DT_TEXTREL
libraries are supported that support works.
Just ignore the audit messages.
Comment 5 Ulrich Drepper 2006-05-09 16:48:29 UTC 
Actually, what this means is to test binutils after compiling it selinux must be
switched to permissive mode.  Something at least RHTS has to learn.  Also will
be relevant should we run the build systems with SELinux in enforcing mode.
Comment 6 Jakub Jelinek 2006-05-09 17:35:54 UTC 
binutils build doesn't fail because of this, the worst thing that happens
is that the test will show up as failed.