Stephen Smalley wrote:

>On Mon, 2004-10-04 at 21:00, Greg Norris wrote:
>
>>Ok, I've (finally) figured out what's actually failing. When I strace a
>>tail command on my selinux box, the following entries seem of interest:
>>
>> open("/etc/ld.so.cache", O_RDONLY) = 3
>> fstat64(3, {st_mode=S_IFREG|0644, st_size=11997, ...}) = 0
>> old_mmap(NULL, 11997, PROT_READ, MAP_PRIVATE, 3, 0) = -1 EACCES (Permission denied)
>> close(3) = 0
>>
>> open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
>> fstat64(3, {st_mode=S_IFREG|0644, st_size=1589840, ...}) = 0
>> mmap2(NULL, 1589840, PROT_READ, MAP_PRIVATE, 3, 0) = -1 EACCES (Permission denied)
>> close(3) = 0
>>
>>When I strace the same command on my non-selinux box (also running
>>Debian sid), both of the mmaps are successful. So I guess I need to
>>figure out why the mmaps are being blocked.
>>
>>I'm not sure why selinux would log that as a denied execute, tho.
>
>Legacy binary? Read-only mmap/mprotect requests are now automatically
>translated to read-execute for backward compatibility when executing
>legacy binaries due to the NX support that was added to the upstream
>kernel. That translation happens before the SELinux hooks are
>encountered, so SELinux just sees it as a read/execute request.

Ok I am seeing this stuff a lot right now. Mainly when running mozilla with java. Seems there is a problem with either glib or m_protect.

kernel-2.6.8-1.603
glibc-2.3.3-66
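
To check whether a given binary falls into the "legacy" case discussed in this thread, the following added example (not part of the thread and not code from any poster) looks for the `PT_GNU_STACK` program header in an ELF file. It assumes that "legacy binary" means an ELF image without that marker, which the thread itself does not spell out; the names `gnu_stack_flags`, `classify` and `sample_elf32` are hypothetical, and the sample image is constructed.

```python
import struct
import sys

PT_LOAD, PT_GNU_STACK, PF_X = 1, 0x6474E551, 0x1

def gnu_stack_flags(elf: bytes):
    """Return p_flags of the PT_GNU_STACK program header, or None if absent."""
    if elf[:4] != b"\x7fELF" or elf[4:5] not in (b"\x01", b"\x02") \
            or elf[5:6] not in (b"\x01", b"\x02"):
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"       # EI_DATA: 1 = little, 2 = big endian
    try:
        if is64:
            (phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
        else:
            (phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        flags_off = 4 if is64 else 24       # p_flags sits at a different offset
        for i in range(phnum):
            base = phoff + i * phentsize
            (p_type,) = struct.unpack_from(end + "I", elf, base)
            if p_type == PT_GNU_STACK:
                return struct.unpack_from(end + "I", elf, base + flags_off)[0]
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    return None

def classify(elf: bytes) -> str:
    flags = gnu_stack_flags(elf)
    if flags is None:
        return "legacy"     # assumed rule: no marker => read-implies-exec applies
    return "exec-stack" if flags & PF_X else "noexec-stack"

def sample_elf32(stack_flags=None) -> bytes:
    """Constructed minimal ELF32 little-endian image with one program header."""
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    p_type, flags = (PT_LOAD, 5) if stack_flags is None else (PT_GNU_STACK, stack_flags)
    return ehdr + struct.pack("<8I", p_type, 0, 0, 0, 0, 0, flags, 4)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

Run it with one or more file paths as arguments; a result of `legacy` for the failing program would be consistent with the read-to-read/execute translation described in the quoted reply.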