Bug 671002
Summary: | SELinux is preventing /usr/sbin/sendmail.sendmail from using the 'execstack' accesses on a process. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nikita Bige <bignikita> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 14 | CC: | dwalsh, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:c19e187c5962c8276d269de9b0017f971d09aca726972f6637e70a9555fd2203 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-01-24 06:56:31 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nikita Bige
2011-01-19 21:28:41 UTC
This does not make much sense unless you have some strange libraries installed. Are you using standard sendmail? Yes, sendmail is standart from fedora repo. I didn't change it *** Bug 671001 has been marked as a duplicate of this bug. *** *** Bug 671011 has been marked as a duplicate of this bug. *** Could you try to look for libraries that are marked as requiring execstack # find /lib -exec execstack -q {} \; -print 2> /dev/null | grep ^X # find /usr/lib -exec execstack -q {} \; -print 2> /dev/null | grep ^X or # find /lib64 -exec execstack -q {} \; -print 2> /dev/null | grep ^X # find /usr/lib64 -exec execstack -q {} \; -print 2> /dev/null | grep ^X # find /lib64 -exec execstack -q {} \; -print 2> /dev/null | grep ^X # find /usr/lib64 -exec execstack -q {} \; -print 2> /dev/null | grep ^X X /usr/lib64/nvidia/libcuda.so X /usr/lib64/nvidia/libnvidia-compiler.so.1 X /usr/lib64/nvidia/libcuda.so.260.19.29 X /usr/lib64/nvidia/libOpenCL.so.1.0.0 X /usr/lib64/nvidia/libnvidia-compiler.so.260.19.29 X /usr/lib64/nvidia/libOpenCL.so.1 X /usr/lib64/nvidia/libcuda.so.1 X /usr/lib64/libnnz11.so # find /usr/lib -exec execstack -q {} \; -print 2> /dev/null | grep ^X X /usr/lib/nvidia/libcuda.so X /usr/lib/nvidia/libnvidia-compiler.so.1 X /usr/lib/nvidia/libcuda.so.260.19.29 X /usr/lib/nvidia/libOpenCL.so.1.0.0 X /usr/lib/nvidia/libnvidia-compiler.so.260.19.29 X /usr/lib/nvidia/libOpenCL.so.1 X /usr/lib/nvidia/libcuda.so.1 X /usr/lib/vmware/bin/vmware-vmx-stats X /usr/lib/vmware/bin/vmware-vmx-debug X /usr/lib/vmware/bin/vmware-vmx # ldconfig -p | awk '{print $4}' | xargs execstack -q 2> /dev/null | grep ^X X /usr/lib64/nvidia/libnvidia-compiler.so.260.19.29 X /usr/lib/nvidia/libnvidia-compiler.so.260.19.29 X /usr/lib64/libnnz11.so X /usr/lib64/nvidia/libcuda.so.1 X /usr/lib/nvidia/libcuda.so.1 X /usr/lib64/nvidia/libcuda.so X /usr/lib/nvidia/libcuda.so X /usr/local/zend/lib/libcrypto.so.0.9.8 <--- I think that that the culprit has been this library X /usr/lib64/nvidia/libOpenCL.so.1 X /usr/lib/nvidia/libOpenCL.so.1 If you execute execstack -c /usr/local/zend/lib/libcrypto.so.0.9.8 And everything works correctly you might have solved the problem. You might want to try clearing the flag on all the libraries since they probably do not need them. execstack -c /usr/local/zend/lib/libcrypto.so.0.9.8 solved the problem |