Bug 213856
| Summary: | SELinux is preventing /lib/ld-2.5.so from loading /usr/lib/libx264.so.54 which requires text relocation. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tom Weniger <trweniger> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-11-03 17:16:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Why are you reporting this against glibc? There is no bug on the glibc side. You have some third party incorrectly built library, which you either should mark as textrel_shlib_t using chcon, or recompile properly to avoid text relocations. I repoorted it againt glibc because that was the program listed in the SELinux Troubleshooter. My apologies for the confusion since I did a bugzilla search and did not find a related issue open. I later found the problem was related to mplayer. |
Description of problem: The /lib/ld-2.5.so application attempted to load /usr/lib/libx264.so.54 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/libx264.so.54 to use relocation as a workaround, until the library is fixed. Version-Release number of selected component (if applicable): glibc-2.5-3 [application]x264-0-0.7.20061028.lvn6 [target] selinux-policy-2.4.1-3.fc6 How reproducible: unknown Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: avc: denied { execmod } for comm='"ld-linux.so.2"' dev='dm-3' egid='0' euid='0' exe='"/lib/ld-2.5.so"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0' name='"libx264.so.54"' path='"/usr/lib/libx264.so.54"' pid='6393' scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 sgid='0' subj='system_u:system_r:prelink_t:s0-s0:c0.c1023' suid='0' tclass='file' tcontext=system_u:object_r:lib_t:s0 tty='(none)' uid='0'