Bug 213856 - SELinux is preventing /lib/ld-2.5.so from loading /usr/lib/libx264.so.54 which requires text relocation.
SELinux is preventing /lib/ld-2.5.so from loading /usr/lib/libx264.so.54 whic...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-03 09:30 EST by Tom Weniger
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-03 12:16:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tom Weniger 2006-11-03 09:30:48 EST
Description of problem:

The /lib/ld-2.5.so application attempted to load /usr/lib/libx264.so.54 which
requires text relocation. This is a potential security problem. Most libraries
do not need this permission. Libraries are sometimes coded incorrectly and
request this permission. The SELinux Memory Protection Tests web page explains
how to remove this requirement. You can configure SELinux temporarily to allow
/usr/lib/libx264.so.54 to use relocation as a workaround, until the library is
fixed. 

Version-Release number of selected component (if applicable):

glibc-2.5-3 [application]x264-0-0.7.20061028.lvn6 [target]
selinux-policy-2.4.1-3.fc6

How reproducible:
unknown

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
avc: denied { execmod } for comm='"ld-linux.so.2"' dev='dm-3' egid='0' euid='0'
exe='"/lib/ld-2.5.so"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0'
name='"libx264.so.54"' path='"/usr/lib/libx264.so.54"' pid='6393'
scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 sgid='0'
subj='system_u:system_r:prelink_t:s0-s0:c0.c1023' suid='0' tclass='file'
tcontext=system_u:object_r:lib_t:s0 tty='(none)' uid='0'
Comment 1 Jakub Jelinek 2006-11-03 12:16:37 EST
Why are you reporting this against glibc?  There is no bug on the glibc side.
You have some third party incorrectly built library, which you either should
mark as textrel_shlib_t using chcon, or recompile properly to avoid text
relocations.
Comment 2 Tom Weniger 2006-11-05 11:49:18 EST
I repoorted it againt glibc because that was the program listed in the SELinux
Troubleshooter. My apologies for the confusion since I did a bugzilla search and
did not find a related issue open. I later found the problem was related to mplayer.

Note You need to log in before you can comment on or make changes to this bug.