Bug 148773 - gpg avc in selinux-policy-targeted-1.21.12-3
gpg avc in selinux-policy-targeted-1.21.12-3
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-15 10:19 EST by sangu
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: selinux-policy-targeted-1.21.13-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-17 04:24:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description sangu 2005-02-15 10:19:50 EST
Description of problem:
$gpg
gpg: error while loading shared libraries: cannot apply additional memory
protection after relocation: Permission denied

in dmesg
audit(1108480571.285:0): avc:  denied  { execmod } for  pid=4230 comm=gpg
path=/usr/bin/gpg dev=hda8 ino=326698 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.12-3

How reproducible:
always

Steps to Reproduce:
1. Excute gpg
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Aaron 2005-06-16 09:25:36 EDT
Yeah, I'm getting the memory protection after relocation error too. Ever since I
updated my FC3 and restarted. It also hangs after the network monitoring tool
thing starts.

I try to start xchat, and I get "xchat: error while loading shared libraries:
/lib/libutil.so.1: cannot apply additional memory protection after relocation:
Permission denied"

I recently turned up my cpu speed, its a 3.2 going on 2.1, I think the bastards
gave me a cheap motherboard that can't handle it, the entire computer would
freak on anything near 2.5ghz. 
Comment 2 Daniel Walsh 2005-06-16 16:32:04 EDT
Upgrade to the latest policy 1.17.30-3.9  should fix this.

Dan
Comment 3 Vaclav "sHINOBI" Misek 2005-06-23 15:27:57 EDT
It seems, that the similar problem reappeared with testing version
selinux-policy-targeted-1.17.30-3.13. with Vexira Antivirus. It seems to be
working without problems under 1.17.30-3.9.

./vascan: error while loading shared libraries: /lib/tls/libpthread.so.0: cannot
apply additional memory protection after relocation: Permission denied

kernel: audit(1119554680.680:0): avc:  denied  { execmod } for  pid=12967
comm=vascan path=/lib/tls/libpthread-2.3.5.so dev=dm-0 ino=11796488
scontext=root:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Is it the same problem, or should I enter it as the new bug# ?
Comment 4 Daniel Walsh 2005-06-24 07:17:56 EDT
restorecon -R -v /lib/tls should fix the settings, and you do have
the allow_execmod boolean set?

Dan

Note You need to log in before you can comment on or make changes to this bug.