Bug 480189
| Summary: | tanukiwrapper generates execmod AVC denial | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Pazdziora (Red Hat) <jpazdziora> |
| Component: | tanukiwrapper | Assignee: | Deepak Bhole <dbhole> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 10 | CC: | dbhole, devrim, jesusr |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 3.2.3-2.4.fc10 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 471218 | Environment: | |
| Last Closed: | 2009-08-17 21:58:20 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 514558 | ||
|
Description
Jan Pazdziora (Red Hat)
2009-01-15 16:57:41 UTC
For the record, it's tanukiwrapper-3.2.3-2.3.fc10.i386.rpm in Fedora 10 which has the problem: $ eu-findtextrel ./libwrapper.so the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeGetUser' is not compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeGetInteractiveUser' is not compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeSetConsoleTitle' is not compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeRequestThreadDump' is not compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeInit' is not compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function '_init' might not be compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeGetJavaPID' is not compiled with -fpic/-fPIC the file containing the function 'handleInterrupt' is not compiled with -fpic/-fPIC the file containing the function 'handleHangup' is not compiled with -fpic/-fPIC the file containing the function 'handleTermination' is not compiled with -fpic/-fPIC the file containing the function 'wrapperJNIHandleSignal' is not compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeGetControlEvent' is not compiled with -fpic/-fPIC the file containing the function 'Java_org_tanukisoftware_wrapper_WrapperManager_nativeGetLibraryVersion' is not compiled with -fpic/-fPIC the file containing the function 'getLastErrorText' is not compiled with -fpic/-fPIC Deepak, the tanukiwrapper problem is blocking Spacewalk 0.6 with SELinux Enforcing release both for Fedora 10 and for Fedora 11. Will you be able to release newly built package with the -fpic/-fPIC fix? Thank you. tanukiwrapper-3.2.3-2.4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/tanukiwrapper-3.2.3-2.4.fc10 Jan, please try the above build and let me know if it fixes the issue. I have patched the make files to compile with -fPIC: # eu-findtextrel /usr/lib/libgmp.so eu-findtextrel: no text relocations reported in '/usr/lib/libgmp.so' Er, posted wrong example in Comment #4. Meant to display this: # eu-findtextrel /usr/lib/libwrapper.so eu-findtextrel: no text relocations reported in '/usr/lib/libwrapper.so' tanukiwrapper-3.2.3-2.4.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tanukiwrapper'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8193 Thank you, eu-findtextrel /usr/lib/libwrapper.so is indeed clean. Could you do similar rebuild for Fedora 11? Yep. I built for 10, 11 and rawhide at the same time. Just wanted to make sure it works before pushing for f11. Pushed for updates-testing on F11: https://admin.fedoraproject.org/updates/tanukiwrapper-3.2.3-3.4.fc11 Oh, great. Tested on F11, it looks good. Marking as VERIFIED. Thank you, Jan tanukiwrapper-3.2.3-2.4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |