Bug 184078 - avc denied for execmod at rebuilding binutils
avc denied for execmod at rebuilding binutils
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: binutils (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-05 18:18 EST by Robert Scheck
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-09 12:14:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2006-03-05 18:18:43 EST
Description of problem:
While rebuilding the latest binutils, I got the following avc denied in syslog:

type=AVC msg=audit(1141489440.959:890440): avc:  denied  { execmod } for  
pid=2245 comm="vnp" name="vnp.so" dev=cciss/c0d0p2 ino=2048570 scontext=user_u:
system_r:unconfined_t:s0-s0:c0.c255 tcontext=user_u:object_r:src_t:s0 
tclass=file
type=SYSCALL msg=audit(1141489440.959:890440): arch=40000003 syscall=125 
success=yes exit=0 a0=e63000 a1=2000 a2=5 a3=bfa29de0 items=0 pid=2245 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="vnp" exe="/usr/
src/rpm/BUILD/binutils-2.16.91.0.6/build-i386-redhat-linux/ld/tmpdir/vnp"
type=AVC_PATH msg=audit(1141489440.959:890440):  path="/usr/src/rpm/BUILD/
binutils-2.16.91.0.6/build-i386-redhat-linux/ld/tmpdir/vnp.so"

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.21
binutils-2.16.91.0.6-3

How reproducible:
Everytime, try to rebuild binutils.

Actual results/Expected results:
I don't know what to expect...is above a misbehaviour of binutils or a problem 
which can't be triggered?
Comment 3 Daniel Walsh 2006-05-09 12:08:04 EDT
This library should not require execmod.  It should be fixed.

http://people.redhat.com/~drepper/selinux-mem.html

Explains the problem
Comment 4 Jakub Jelinek 2006-05-09 12:14:02 EDT
It of course should, it is testing that to the extent that DT_TEXTREL
libraries are supported that support works.
Just ignore the audit messages.
Comment 5 Ulrich Drepper 2006-05-09 12:48:29 EDT
Actually, what this means is to test binutils after compiling it selinux must be
switched to permissive mode.  Something at least RHTS has to learn.  Also will
be relevant should we run the build systems with SELinux in enforcing mode.
Comment 6 Jakub Jelinek 2006-05-09 13:35:54 EDT
binutils build doesn't fail because of this, the worst thing that happens
is that the test will show up as failed.

Note You need to log in before you can comment on or make changes to this bug.