Description of problem: While rebuilding the latest binutils, I got the following avc denied in syslog: type=AVC msg=audit(1141489440.959:890440): avc: denied { execmod } for pid=2245 comm="vnp" name="vnp.so" dev=cciss/c0d0p2 ino=2048570 scontext=user_u: system_r:unconfined_t:s0-s0:c0.c255 tcontext=user_u:object_r:src_t:s0 tclass=file type=SYSCALL msg=audit(1141489440.959:890440): arch=40000003 syscall=125 success=yes exit=0 a0=e63000 a1=2000 a2=5 a3=bfa29de0 items=0 pid=2245 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="vnp" exe="/usr/ src/rpm/BUILD/binutils-2.16.91.0.6/build-i386-redhat-linux/ld/tmpdir/vnp" type=AVC_PATH msg=audit(1141489440.959:890440): path="/usr/src/rpm/BUILD/ binutils-2.16.91.0.6/build-i386-redhat-linux/ld/tmpdir/vnp.so" Version-Release number of selected component (if applicable): selinux-policy-targeted-2.2.21 binutils-2.16.91.0.6-3 How reproducible: Everytime, try to rebuild binutils. Actual results/Expected results: I don't know what to expect...is above a misbehaviour of binutils or a problem which can't be triggered?
This library should not require execmod. It should be fixed. http://people.redhat.com/~drepper/selinux-mem.html Explains the problem
It of course should, it is testing that to the extent that DT_TEXTREL libraries are supported that support works. Just ignore the audit messages.
Actually, what this means is to test binutils after compiling it selinux must be switched to permissive mode. Something at least RHTS has to learn. Also will be relevant should we run the build systems with SELinux in enforcing mode.
binutils build doesn't fail because of this, the worst thing that happens is that the test will show up as failed.