Hide Forgot
Summary: SELinux is preventing /opt/altera9.1/quartus/linux/quartus_map from loading /opt/altera9.1/quartus/linux/libccl_err.so which requires text relocation. Detailed Description: The quartus_map application attempted to load /opt/altera9.1/quartus/linux/libccl_err.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /opt/altera9.1/quartus/linux/libccl_err.so to use relocation as a workaround, until the library is fixed. Please file a bug report. Allowing Access: If you trust /opt/altera9.1/quartus/linux/libccl_err.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/opt/altera9.1/quartus/linux/libccl_err.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/opt/altera9.1/quartus/linux/libccl_err.so'" Fix Command: chcon -t textrel_shlib_t '/opt/altera9.1/quartus/linux/libccl_err.so' Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context system_u:object_r:lib_t:s0 Target Objects /opt/altera9.1/quartus/linux/libccl_err.so [ file ] Source quartus_map Source Path /opt/altera9.1/quartus/linux/quartus_map Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.6.32-24.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_execmod Host Name (removed) Platform Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep 29 16:16:22 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Sun 15 Nov 2009 02:10:17 PM MST Last Seen Sun 15 Nov 2009 02:10:17 PM MST Local ID c6baf14a-f3e4-42ee-bf5d-f776a49114f1 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1258319417.292:20925): avc: denied { execmod } for pid=27021 comm="quartus_map" path="/opt/altera9.1/quartus/linux/libccl_err.so" dev=dm-0 ino=83566 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1258319417.292:20925): arch=40000003 syscall=125 success=no exit=-13 a0=360d000 a1=2d000 a2=5 a3=fffb0580 items=0 ppid=27020 pid=27021 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=pts0 ses=4 comm="quartus_map" exe="/opt/altera9.1/quartus/linux/quartus_map" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-24.fc12,allow_execmod,quartus_map,unconfined_t,lib_t,file,execmod audit2allow suggests: #============= unconfined_t ============== allow unconfined_t lib_t:file execmod;
You can use the 'chcon' command what setroubleshoot suggests to allow this to work. Also please report this as a bug to Altera. They are building their libraries incorrectly. http://people.redhat.com/drepper/selinux-mem.html explains the access.
*** Bug 537701 has been marked as a duplicate of this bug. ***
I will add this as a default mapping, for now. Fixed in selinux-policy-3.6.32-46.fc12.noarch
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
selinux-policy-3.6.32-46.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-46.fc12
selinux-policy-3.6.32-46.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11672
selinux-policy-3.6.32-46.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.