Bug 592193

Summary: SELinux is preventing schrodinger_dir from loading /opt/schrodinger/maestro-v90211/lib/Linux-x86/libifcore.so.5 which requires text relocation.
Product: Red Hat Enterprise Linux 5 Reporter: ar4495
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CANTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: low    
Version: 5.5   
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-14 13:24:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description ar4495 2010-05-14 08:14:40 UTC 
Description of problem:
SELinux is preventing schrodinger_dir from loading /opt/schrodinger/maestro-v90211/lib/Linux-x86/libifcore.so.5 which requires text relocation.

The schrodinger_dir application attempted to load /opt/schrodinger/maestro-v90211/lib/Linux-x86/libifcore.so.5 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /opt/schrodinger/maestro-v90211/lib/Linux-x86/libifcore.so.5 to use relocation as a workaround, until the library is fixed. Please file a bug report against this package. 


Version-Release number of selected component (if applicable): Maestro-v90211


How reproducible: 100%


Steps to Reproduce:
1.open terminal
2.enter maestro &
3.SELinux prevents schrodinger_dir from loading /opt/schrodinger/maestro-v90211/lib/Linux-x86/libifcore.so.5 which requires text relocation
  
Actual results: The maestro program is being blocked from starting by recent updates to Linux OS


Expected results: Maestro should start.


Additional info:
Comment 1 Daniel Walsh 2010-05-14 13:24:22 UTC 
Either fix the label on the file

# semanage fcontext -a -t textrel_shlib_t '/opt/schrodinger/maestro-v90211/lib/Linux-x86/.*.s0.*'
# restorecon -R -v /opt/schrodinger/maestro-v90211/lib/Linux-x86

Or turn off the check 

# setsebool -P allow_execmod 1

This is a library that was built without the PIC flag.