textrel_shlib_t

textrel_shlib_t

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 351 bytes --]

(And yes, I *know* I can just chcon the sucker into submission...)

I have a 3rd-party shared library, for which I have source. It's
throwing a execmod AVC that can be worked around with textrel_shlib_t.

What in the source code causes this, and what's a good fix?  I'd
like to create a patch and push it upstream so it will Just Work for
others....


[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: textrel_shlib_t

[Daniel J Walsh]

Valdis.Kletnieks@vt.edu wrote:
> (And yes, I *know* I can just chcon the sucker into submission...)
>
> I have a 3rd-party shared library, for which I have source. It's
> throwing a execmod AVC that can be worked around with textrel_shlib_t.
>
> What in the source code causes this, and what's a good fix?  I'd
> like to create a patch and push it upstream so it will Just Work for
> others....
>
>   
Ulrich explains it.

http://people.redhat.com/~drepper/selinux-mem.html

http://people.redhat.com/~drepper/dsohowto.pdf

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: textrel_shlib_t

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 383 bytes --]

On Thu, 11 May 2006 15:08:07 EDT, Daniel J Walsh said:

> http://people.redhat.com/~drepper/selinux-mem.html

I had that one already, it mostly discusses using chcon as a workaround..

> http://people.redhat.com/~drepper/dsohowto.pdf

Aha! Some digging through this one, and we find:

The library in question wasn't compiled with -fpic or similar.

This looks easy enough to fix. :)

[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: textrel_shlib_t

[Daniel J Walsh]

Valdis.Kletnieks@vt.edu wrote:
> On Thu, 11 May 2006 15:08:07 EDT, Daniel J Walsh said:
>
>   
>> http://people.redhat.com/~drepper/selinux-mem.html
>>     
>
> I had that one already, it mostly discusses using chcon as a workaround..
>
>   
>> http://people.redhat.com/~drepper/dsohowto.pdf
>>     
>
> Aha! Some digging through this one, and we find:
>
> The library in question wasn't compiled with -fpic or similar.
>
> This looks easy enough to fix. :)
>   
BTW Read my blog today, as I talk about a lot of this stuff...  How timely.

Dan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.