Description of problem: Version-Release number of selected component (if applicable): tog-pegasus-devel-2.5.1-1.EL4 tog-pegasus-2.5.1-1.EL4 selinux-policy-targeted-1.17.30-2.134 selinux-doc-1.14.1-1 libselinux-1.19.1-7.2 libselinux-devel-1.19.1-7.2 How reproducible: Run the following sequence as "root" with the OpenPegasus SELinux policies enabled. Steps to Reproduce: 1. #rpm -ih tog-pegasus-devel-2.5.1-1.EL4.i386.rpm 2. #cd /usr/share/Pegasus/samples 3. #make 4. #make setupSDK 5. #make tests Actual results: # make tests make[1]: Entering directory `/usr/share/Pegasus/samples/Clients' make[2]: Entering directory `/usr/share/Pegasus/samples/Clients/DefaultC++' make[3]: Entering directory `/usr/share/Pegasus/samples/Clients/DefaultC++/EnumInstances' Error: CIM_ERR_FAILED: A general error occurred that is not covered by a more specific error code: "ProviderLoadFailure (/usr/lib64/Pegasus/providers/libSampleInstanceProvider.so:SampleInstanceProvid er):Cannot load library, error: /usr/lib64/Pegasus/providers/libSampleInstanceProvider.so: failed to map segment from shared object: Permission denied" make[3]: *** [tests] Error 1 make[3]: Leaving directory `/usr/share/Pegasus/samples/Clients/DefaultC++/EnumInstances' make[2]: *** [tests] Error 2 make[2]: Leaving directory `/usr/share/Pegasus/samples/Clients/DefaultC++' make[1]: *** [tests] Error 2 make[1]: Leaving directory `/usr/share/Pegasus/samples/Clients' make: *** [tests] Error 2 Expected results: Additional info:
Solution/Workaround By default, the security contexts for the sample providers is not defined correctly. You can use the "ls -Z" command to display the current settings # cd /usr/share/Pegasus/samples/Providers/DefaultC++/InstanceProvider/ # ls -Z libSampleInstanceProvider.so -rwxr-xr-x root root root:object_r:usr_t libSampleInstanceProvider.so You can use the "chcon" command to change the security context to the correct setting. # cd /usr/share/Pegasus/samples/Providers/DefaultC++/InstanceProvider/ # chcon -u system_u -r object_r -t shlib_t libSampleInstanceProvider.so # cd /usr/share/Pegasus/samples/Providers/DefaultC++/MethodProvider/ # chcon -u system_u -r object_r -t shlib_t libSampleMethodProvider.so # cd /usr/share/Pegasus/samples/Providers/DefaultC++/IndicationProvider/ # chcon -u system_u -r object_r -t shlib_t libSampleIndicationProvider.so # cd /usr/share/Pegasus/samples/Providers/DefaultC++/AssociationProvider # chcon -u system_u -r object_r -t shlib_t libSampleAssociationProvider.so
OK, the /usr/share/Pegasus/samples/Makefile will now set the SELinux context of the /usr/share/Pegasus/samples/Providers/*/*/*.so* libraries correctly in the 'setupSDK' target, in the next tog-pegasus-2.5.1-2.EL4 version.
Thanks!
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0474.html