Bug 2032655

Summary: libjulia.so requires an executable stack
Product: [Fedora] Fedora Reporter: Demi Marie Obenour <demiobenour>
Component: juliaAssignee: Milan Bouchet-Valat <nalimilan>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 35CC: chris, nalimilan
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: julia-1.7.2-3.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-27 10:17:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Demi Marie Obenour 2021-12-14 21:55:49 UTC 
Description of problem:
libjulia.so requires an executable stack, which SELinux (rightly) denies.

Version-Release number of selected component (if applicable):
1.7.0.0-1

How reproducible:
100%

Steps to Reproduce:
1. Install Julia
2. Run Julia

Actual results:
> $ julia
> julia: error while loading shared libraries: libjulia.so.1: cannot enable executable stack as shared object requires: Permission denied

SELinux reports that it has denied the execstack permission.

Expected results:
libjulia.so.1 does not require an executable stack.

Additional info:
This means that libjulia.so.1 was incorrectly built.
Comment 1 Milan Bouchet-Valat 2021-12-16 10:29:33 UTC 
I cannot reproduce this with a clean F35 live image. Have you enabled anything special on your machine?
Comment 2 Demi Marie Obenour 2021-12-17 02:26:26 UTC 
Do you have SELinux enforcing?  If so, what are your booleans set to?
I have selinuxuser_execstack set to 0 (disabled), which exposes this bug.
However, libjulia.so.1 requiring an executable stack is a bug in the
shared library, not in SELinux policy.  No code should have an executable
stack nowadays, as it makes security exploits so much easier.
Comment 3 Milan Bouchet-Valat 2021-12-19 15:47:10 UTC 
OK, got it. Note that the steps you provided were not enough to reproduce the problem on a standard install.

After discussing this upstream, it turns out that Julia doesn't actually need an executable stack, it's just that the linker wasn't able to detect this. I've filed PRs to fix that: https://github.com/JuliaLang/julia/pull/43481
Comment 4 Milan Bouchet-Valat 2021-12-27 10:17:05 UTC 
I've pushed a fix with 1.7.1, see https://bodhi.fedoraproject.org/updates/FEDORA-2021-7d0147ebe9.
Comment 5 Fedora Update System 2022-04-07 17:25:26 UTC 
FEDORA-2022-559a87e02f has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-559a87e02f
Comment 6 Fedora Update System 2022-04-07 17:28:47 UTC 
FEDORA-2022-559a87e02f has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.