Bug 551664 - The detailed description requests that I report this bug. I have no idea what the bug is.
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Hardware: i686 Linux
Priority: low
Severity: medium
Assigned To: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2009-12-31 23:17 EST by Duane McMurchie
Modified: 2012-10-15 10:42 EDT
Doc Type: Bug Fix
Last Closed: 2010-03-30 03:50:48 EDT

Description Duane McMurchie 2009-12-31 23:17:24 EST
Description of problem:

Summary:

SELinux is preventing ld-linux.so.2 from loading
/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X which requires text relocation.

Detailed Description:

The ld-linux.so.2 application attempted to load
/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X which requires text relocation.
This is a potential security problem. Most libraries do not need this
permission. Libraries are sometimes coded incorrectly and request this
permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X to use relocation as a workaround,
until the library is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Allowing Access:

If you trust /usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X to run correctly, you
can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X'" You must also change the
default file context files on the system in order to preserve them even on a
full relabel. "semanage fcontext -a -t textrel_shlib_t

The following command will allow this access:

chcon -t textrel_shlib_t '/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X'

Additional Information:

Source Context                root:system_r:prelink_t:SystemLow-SystemHigh
Target Context                root:object_r:lib_t
Target Objects                /usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X [
                              file ]
Source                        ld-linux.so.2
Source Path                   /lib/ld-2.5.so
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           glibc-2.5-42.el5_4.2
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-255.el5_4.1
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_execmod
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.18-164.9.1.el5 #1
                              SMP Wed Dec 9 03:29:54 EST 2009 i686 athlon
Alert Count                   1
First Seen                    Thu 31 Dec 2009 11:12:50 AM PST
Last Seen                     Thu 31 Dec 2009 11:12:50 AM PST
Local ID                      aa08bda3-47a5-4fe3-9338-18a9b1f64058
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1262286770.802:136): avc:  denied  { execmod } for  pid=18130 comm="ld-linux.so.2" path="/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X" dev=dm-0 ino=16497330 scontext=root:system_r:prelink_t:s0-s0:c0.c1023 tcontext=root:object_r:lib_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1262286770.802:136): arch=40000003 syscall=125 success=no exit=-13 a0=1f0000 a1=7c000 a2=5 a3=bfb80ae0 items=0 ppid=18120 pid=18130 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="ld-linux.so.2" exe="/lib/ld-2.5.so" subj=root:system_r:prelink_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Permaine Cheung 2010-01-05 14:08:41 EST
Is this a problem with base RHEL?
Comment 2 Duane McMurchie 2010-01-05 20:00:24 EST
Yes, as far as I can tell, it is a problem with the base installation.  I have made no changes.
Comment 3 Permaine Cheung 2010-01-06 09:09:35 EST
Reassigning to selinux component.
Comment 4 Daniel Walsh 2010-01-06 10:41:19 EST
Add libs_legacy_use_shared_libs(prelink_t). This is what we have in Fedora.
Comment 5 Eduard Benes 2010-01-12 11:07:21 EST
Duane, could you please provide instructions on how to reproduce the bug? Thanks.
Comment 6 Miroslav Grepl 2010-01-12 12:49:42 EST
Fixed in selinux-policy-2.4.6-270.el5
Comment 10 errata-xmlrpc 2010-03-30 03:50:48 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
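
An added example, not part of the bug report or of any Red Hat tool: the AVC and SYSCALL records quoted in the description share one audit event ID, so joining them shows which memory operation the denied `execmod` check was guarding. The function names are illustrative, and the decoding assumes the i386 syscall table (125 is `mprotect`) and the standard Linux `PROT_*` bit values.

```python
import errno
import re

# Constructed sample: the two raw audit records quoted in the description
# (SYSCALL record abridged; both carry event ID 1262286770.802:136).
AVC = ('type=AVC msg=audit(1262286770.802:136): avc:  denied  { execmod } for  '
       'pid=18130 comm="ld-linux.so.2" '
       'path="/usr/lib/libSDL-1.2.so.0.7.3.#prelink#.Qmut9X" dev=dm-0 ino=16497330 '
       'scontext=root:system_r:prelink_t:s0-s0:c0.c1023 '
       'tcontext=root:object_r:lib_t:s0 tclass=file')
SYSCALL = ('type=SYSCALL msg=audit(1262286770.802:136): arch=40000003 syscall=125 '
           'success=no exit=-13 a0=1f0000 a1=7c000 a2=5 a3=bfb80ae0 pid=18130 '
           'comm="ld-linux.so.2" exe="/lib/ld-2.5.so"')

AUDIT_ARCH_I386 = "40000003"
SYS_MPROTECT_I386 = 125          # i386 syscall table entry for mprotect(2)
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}

def fields(record):
    """Return (event ID, dict of key=value fields) for one audit record."""
    event = re.search(r"msg=audit\(([^)]+)\)", record).group(1)
    kv = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}
    perms = re.search(r"\{ ([^}]*)\}", record)
    if perms:
        kv["perms"] = perms.group(1).split()
    return event, kv

def triage(avc_rec, sys_rec):
    """Join an AVC denial to its SYSCALL record and decode the request."""
    ev_avc, avc = fields(avc_rec)
    ev_sys, sc = fields(sys_rec)
    if ev_avc != ev_sys:
        raise ValueError("records belong to different audit events")
    out = {"event": ev_avc, "perms": avc["perms"], "path": avc["path"],
           "source_type": avc["scontext"].split(":")[2],
           "target_type": avc["tcontext"].split(":")[2],
           "errno": errno.errorcode.get(-int(sc["exit"])), "syscall": None}
    if sc["arch"] == AUDIT_ARCH_I386 and int(sc["syscall"]) == SYS_MPROTECT_I386:
        bits = int(sc["a2"], 16)   # audit logs syscall arguments in hex
        out.update(syscall="mprotect", addr=int(sc["a0"], 16),
                   length=int(sc["a1"], 16),
                   prot=[name for bit, name in PROT.items() if bits & bit])
    return out

if __name__ == "__main__":
    print(triage(AVC, SYSCALL))
```

Decoded, the event is an `mprotect` requesting `PROT_READ|PROT_EXEC` over 0x7c000 bytes of the `lib_t` file, issued from the `prelink_t` domain and refused with `EACCES`.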