Bug 148773 - gpg avc in selinux-policy-targeted-1.21.12-3
Summary: gpg avc in selinux-policy-targeted-1.21.12-3
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-15 15:19 UTC by sangu
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version: selinux-policy-targeted-1.21.13-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-17 09:24:14 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description sangu 2005-02-15 15:19:50 UTC
Description of problem:
$gpg
gpg: error while loading shared libraries: cannot apply additional memory
protection after relocation: Permission denied

in dmesg
audit(1108480571.285:0): avc:  denied  { execmod } for  pid=4230 comm=gpg
path=/usr/bin/gpg dev=hda8 ino=326698 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.12-3

How reproducible:
always

Steps to Reproduce:
1. Excute gpg
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Aaron 2005-06-16 13:25:36 UTC
Yeah, I'm getting the memory protection after relocation error too. Ever since I
updated my FC3 and restarted. It also hangs after the network monitoring tool
thing starts.

I try to start xchat, and I get "xchat: error while loading shared libraries:
/lib/libutil.so.1: cannot apply additional memory protection after relocation:
Permission denied"

I recently turned up my cpu speed, its a 3.2 going on 2.1, I think the bastards
gave me a cheap motherboard that can't handle it, the entire computer would
freak on anything near 2.5ghz. 

Comment 2 Daniel Walsh 2005-06-16 20:32:04 UTC
Upgrade to the latest policy 1.17.30-3.9  should fix this.

Dan

Comment 3 Vaclav "sHINOBI" Misek 2005-06-23 19:27:57 UTC
It seems, that the similar problem reappeared with testing version
selinux-policy-targeted-1.17.30-3.13. with Vexira Antivirus. It seems to be
working without problems under 1.17.30-3.9.

./vascan: error while loading shared libraries: /lib/tls/libpthread.so.0: cannot
apply additional memory protection after relocation: Permission denied

kernel: audit(1119554680.680:0): avc:  denied  { execmod } for  pid=12967
comm=vascan path=/lib/tls/libpthread-2.3.5.so dev=dm-0 ino=11796488
scontext=root:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Is it the same problem, or should I enter it as the new bug# ?

Comment 4 Daniel Walsh 2005-06-24 11:17:56 UTC
restorecon -R -v /lib/tls should fix the settings, and you do have
the allow_execmod boolean set?

Dan


Note You need to log in before you can comment on or make changes to this bug.