Bug 213856 - SELinux is preventing /lib/ld-2.5.so from loading /usr/lib/libx264.so.54 which requires text relocation.
Summary: SELinux is preventing /lib/ld-2.5.so from loading /usr/lib/libx264.so.54 whic...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-11-03 14:30 UTC by Tom Weniger
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-11-03 17:16:37 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Tom Weniger 2006-11-03 14:30:48 UTC
Description of problem:

The /lib/ld-2.5.so application attempted to load /usr/lib/libx264.so.54 which
requires text relocation. This is a potential security problem. Most libraries
do not need this permission. Libraries are sometimes coded incorrectly and
request this permission. The SELinux Memory Protection Tests web page explains
how to remove this requirement. You can configure SELinux temporarily to allow
/usr/lib/libx264.so.54 to use relocation as a workaround, until the library is
fixed. 

Version-Release number of selected component (if applicable):

glibc-2.5-3 [application]x264-0-0.7.20061028.lvn6 [target]
selinux-policy-2.4.1-3.fc6

How reproducible:
unknown

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
avc: denied { execmod } for comm='"ld-linux.so.2"' dev='dm-3' egid='0' euid='0'
exe='"/lib/ld-2.5.so"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0'
name='"libx264.so.54"' path='"/usr/lib/libx264.so.54"' pid='6393'
scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 sgid='0'
subj='system_u:system_r:prelink_t:s0-s0:c0.c1023' suid='0' tclass='file'
tcontext=system_u:object_r:lib_t:s0 tty='(none)' uid='0'

Comment 1 Jakub Jelinek 2006-11-03 17:16:37 UTC
Why are you reporting this against glibc?  There is no bug on the glibc side.
You have some third party incorrectly built library, which you either should
mark as textrel_shlib_t using chcon, or recompile properly to avoid text
relocations.

Comment 2 Tom Weniger 2006-11-05 16:49:18 UTC
I repoorted it againt glibc because that was the program listed in the SELinux
Troubleshooter. My apologies for the confusion since I did a bugzilla search and
did not find a related issue open. I later found the problem was related to mplayer.


Note You need to log in before you can comment on or make changes to this bug.