Bug 191191 - libGL.so needs execmod priviliges on load
Summary: libGL.so needs execmod priviliges on load
Keywords:
Status: CLOSED DUPLICATE of bug 178262
Alias: None
Product: Fedora
Classification: Fedora
Component: mesa
Version: 5
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Adam Jackson
QA Contact: X/OpenGL Maintenance List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-05-09 17:38 UTC by Noa Resare
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-06-23 21:13:42 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Noa Resare 2006-05-09 17:38:31 UTC
Description of problem:

In some cases selinux denies the "execmod" privilege. For some reason libGL.so
does operations that need this privilege on library load. Is it really needed?

The reason I'm asking is that it looks like ATI uses mesa as a part of their
proprietary driver and they place their shared libraries in subdirectory to
/usr/lib which is (was) not previously added to the selinux policy. This lead to
selinux permission failures outlined in #191054

Version-Release number of selected component (if applicable):
mesa-libGL-6.4.2-6

How reproducible:
always

Steps to Reproduce:
# mkdir /usr/lib/test
# cp /usr/lib/libGL.so.1.2 /usr/lib/test
# echo "/usr/lib/test" >> /etc/ld.so.conf.d/test
# /sbin/ldconfig
# ldd /usr/bin/metacity |grep GL.so
        libGL.so.1 => /usr/lib/test/libGL.so.1 (0x06276000)
# /usr/bin/metacity


Actual results:
/usr/bin/metacity: error while loading shared libraries:
/usr/lib/test/libGL.so.1: cannot restore segment prot after reloc: Permission denied


Expected results:
started metacity

Additional info:

http://people.redhat.com/~drepper/selinux-mem.html outlines how the need for
this privilege can be avoided

Comment 1 Hans Ulrich Niedermann 2006-06-18 19:41:00 UTC
FWIW, this problem also exists in stock FC5 (updated using "yum update"),
without any proprietary video drivers or other obscure code.

Comment 2 Adam Jackson 2006-06-23 21:13:42 UTC

*** This bug has been marked as a duplicate of 178262 ***


Note You need to log in before you can comment on or make changes to this bug.