Bug 509469
Summary: | OpenGL applications -> libGL.so.1: failed to map segment from shared object: Permission denied | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | plarsen |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-08-05 02:03:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
sangu
2009-07-03 00:53:14 UTC
$ chcon -t execmem_exec_t '/usr/bin/glxinfo' $ glxinfo [...] Segmentation fault $ cat /var/log/Xorg.0.log [...] (II) LoadModule: "glx" (II) Loading /usr/lib64/xorg/modules/extensions/nvidia//libglx.so dlopen: /usr/lib64/xorg/modules/extensions/nvidia//libglx.so: failed to map segment from shared object: Permission denied (EE) Failed to load /usr/lib64/xorg/modules/extensions/nvidia//libglx.so (II) UnloadModule: "glx" (EE) Failed to load module "glx" (loader failed, 7) [...] $ ls -Z /usr/lib64/xorg/modules/extensions/nvidia/libglx.so* lrwxrwxrwx. root root system_u:object_r:lib_t:s0 /usr/lib64/xorg/modules/extensions/nvidia/libglx.so -> libglx.so.185.18.14 -rwxr-xr-x. root root system_u:object_r:textrel_shlib_t:s0 /usr/lib64/xorg/modules/extensions/nvidia/libglx.so.185.18.14 Are you seeing any additional AVC messages? After rebooting $ glxinfo glxinfo: error while loading shared libraries: libGL.so.1: cannot enable executable stack as shared object requires: Permission denied Again # chcon -t execmem_exec_t /usr/bin/glxinfo $ glxinfo [...] Segmentation fault Then, (In reply to comment #2) > Are you seeing any additional AVC messages? # tail -f /var/log/audit/audit.log [...] type=ANOM_ABEND msg=audit(1246924299.706:23247): auid=500 uid=500 gid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0 pid=2802 comm="glxinfo" sig=11 Well that is not an AVC. I take it everything works in permissive mode? Can you run the command with the dontaudit rules turned off to see if you get any other avc's about glxinfo? # semodule -DB glxinfo Look for AVC's # semodule -B After installing new xorg-x11-drv-nvidia package, this issue was fixed. Thanks! I've got this same problem with: ll /usr/lib64/nvidia/libGL.so.1 lrwxrwxrwx. 1 root root 15 2009-11-20 21:07 /usr/lib64/nvidia/libGL.so.1 -> libGL.so.190.42 Followed by this in dmesg: type=1400 audit(1258772111.484:44): avc: denied { execstack } for pid=4863 comm="glxinfo" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process Peter if you use the nvidia drivers you have to set the allow_execstack boolean # setsebool -P allow_execstack 1 |