Bug 467210
| Summary: | SELinux is preventing knotify4 from making the program stack executable. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Antonio A. Olivares <olivares14031> |
| Component: | kdebase-runtime | Assignee: | Than Ngo <than> |
| Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwalsh, jkubin, jreznik, kevin, lorenzo, ltinkl, mgrepl, rdieter, than, tuxbrewr |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-10-27 13:38:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Antonio A. Olivares
2008-10-16 12:20:02 UTC
Are you certain you don't have any 3rd party software installed... say like an X driver or something? :) What Rex says, plus does "ldd knotify4" show anything unusual (like libraries outside of /usr/lib)? Oops, make that: ldd /usr/bin/knotify4 Yes. Default install no binary drivers. I can't boot to computer again. I need a fix fsck or something to get back up and running. Odd, I can't reproduce this. I'll keep looking tho. > I need a fix fsck or something to get back up and running.
Corrupt file system? That might be what's causing this problem, too.
Definely not an SELinux bug then? From selinux list commentary on this bug:
The unix_stream_socket is a leaked file descriptor.
node=localhost.localdomain type=AVC msg=audit(1224873233.717:83): avc:
denied { read write } for pid=3912 comm="ip" path="socket:[11145]"
dev=sockfs ino=11145 scontext=unconfined_u:system_r:ifconfig_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=unix_stream_socket
These can be dontaudited or allowed using
# grep ifconfig /var/log/audit/audit.log | audit2allow -m mypol
# semodule -i mypol.pp
Probably a bug in one of the kde routines that should be calling
fcntl(fd, F_SETFD
That is a different issue though. This bug is about an executable stack, it has nothing to do with leaked file descriptors. Here's the reference: https://www.redhat.com/archives/fedora-test-list/2008-October/msg01248.html It would appear Dan made an incorrect conclusion here, reclosing... at least until we have more evidence, receive confirmation from elsewhere, or are able to reproduce this. Antonio, we're still waiting to see output form ldd, per comment #3 , which may help id the problem. Gone for the weekend :)
Sorry for not sending it in before.
[olivares@localhost ~]$ ldd /usr/bin/knotify4
linux-gate.so.1 => (0x00110000)
libQtSvg.so.4 => /usr/lib/libQtSvg.so.4 (0x06a2d000)
libQtCore.so.4 => /usr/lib/libQtCore.so.4 (0x04779000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00897000)
libkdecore.so.5 => /usr/lib/libkdecore.so.5 (0x04cd1000)
libSM.so.6 => /usr/lib/libSM.so.6 (0x00de0000)
libICE.so.6 => /usr/lib/libICE.so.6 (0x00144000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x00a03000)
libXext.so.6 => /usr/lib/libXext.so.6 (0x00b0a000)
libXft.so.2 => /usr/lib/libXft.so.2 (0x06ead000)
libXau.so.6 => /usr/lib/libXau.so.6 (0x009f6000)
libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x009fb000)
libXpm.so.4 => /usr/lib/libXpm.so.4 (0x06ec3000)
libQtGui.so.4 => /usr/lib/libQtGui.so.4 (0x076fa000)
libQtXml.so.4 => /usr/lib/libQtXml.so.4 (0x00555000)
libXtst.so.6 => /usr/lib/libXtst.so.6 (0x06ed6000)
libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0x00c63000)
libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x00c47000)
libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00c3c000)
libkdeui.so.5 => /usr/lib/libkdeui.so.5 (0x06ede000)
libphonon.so.4 => /usr/lib/libphonon.so.4 (0x02650000)
libQtNetwork.so.4 => /usr/lib/libQtNetwork.so.4 (0x049a0000)
libQtDBus.so.4 => /usr/lib/libQtDBus.so.4 (0x005dc000)
libz.so.1 => /lib/libz.so.1 (0x008b3000)
libbz2.so.1 => /lib/libbz2.so.1 (0x04c41000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00dc1000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00c83000)
libm.so.6 => /lib/libm.so.6 (0x00865000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00c53000)
libc.so.6 => /lib/libc.so.6 (0x006ef000)
libpng12.so.0 => /usr/lib/libpng12.so.0 (0x00be1000)
libXi.so.6 => /usr/lib/libXi.so.6 (0x00c6f000)
libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x00c7a000)
libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0x00c4e000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00b4c000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00c0b000)
libgthread-2.0.so.0 => /lib/libgthread-2.0.so.0 (0x00111000)
librt.so.1 => /lib/librt.so.1 (0x009cc000)
libglib-2.0.so.0 => /lib/libglib-2.0.so.0 (0x0015e000)
libdl.so.2 => /lib/libdl.so.2 (0x00890000)
/lib/ld-linux.so.2 (0x006ca000)
libuuid.so.1 => /lib/libuuid.so.1 (0x00dda000)
libxcb-xlib.so.0 => /usr/lib/libxcb-xlib.so.0 (0x00b06000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x009d8000)
libssl.so.7 => /lib/libssl.so.7 (0x003b5000)
libcrypto.so.7 => /lib/libcrypto.so.7 (0x00241000)
libdbus-1.so.3 => /lib/libdbus-1.so.3 (0x00d7e000)
libexpat.so.1 => /lib/libexpat.so.1 (0x00b23000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00400000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0042f000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00dea000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00116000)
libcap.so.2 => /lib/libcap.so.2 (0x00d77000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x003a9000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00df5000)
libselinux.so.1 => /lib/libselinux.so.1 (0x008c9000)
[olivares@localhost ~]$
|