Re: Selinux and K9copy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Rick Stevens wrote:
On Thu, 2006-12-07 at 16:21 -0500, jim tate wrote:
Running tail -f /var/log/messages
When I execute "k9copy" w/o quotes , I get the log in /var/log/messages. Same happens when running
as SU or user.
From What I can see , I'm having problems with Selinux. How do I fix it? Relabel etc etc

Dec 7 12:22:35 sysresccd kernel: audit(1165512155.670:17): avc: denied { execmod } for pid=32642 comm="k9copy" name="libk9copy.so.0.0.0" dev=hda1 ino=3892747 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_ubject_r:lib_t:s0 tclass=file Dec 7 12:22:36 sysresccd kernel: pci_set_power_state(): 0000:02:08.0: state=3, current state=5

If you save the relative entries to a text file somewhere and run
"audit2why <name-of-text-file", it'll give you some suggestions.
Actually that will not tell you much. A much better solution would be to run setroubleshootd. This would translate that error message to something like the following:



Summary
SELinux is preventing k9copy from loading libk9copy.so.0.0.0 which requires
   text relocation.

Detailed Description
The k9copy application attempted to load libk9copy.so.0.0.0 which requires text relocation. This is a potential security problem. Most libraries do
   not need this permission. Libraries are sometimes coded incorrectly and
   request this permission.  The http://people.redhat.com/drepper/selinux-
   mem.html web page explains how to remove this requirement.  You can
configure SELinux temporarily to allow libk9copy.so.0.0.0 to use relocation
   as a workaround, until the library is fixed. Please file a
   http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
If you trust libk9copy.so.0.0.0 to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t libk9copy.so.0.0.0"

   The following command will allow this access:
   chcon -t textrel_shlib_t libk9copy.so.0.0.0

Additional Information
Source Context                user_u:system_r:unconfined_t
Target Context                system_u:object_r:lib_t
Target Objects                libk9copy.so.0.0.0 [ file ]
Affected RPM Packages Policy RPM Selinux Enabled Policy Type MLS Enabled Enforcing Mode Plugin Name plugins.allow_execmod Host Name Platform Alert Count 1
Line Numbers                  1

Raw Audit Messages
avc: denied { execmod } for comm="k9copy" dev=hda1 name="libk9copy.so.0.0.0"
pid=32642 scontext=user_u:system_r:unconfined_t:s0 tclass=file
tcontext=system_u:object_r:lib_t:s0


Jim

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         "OK, so you're a Ph.D. Just don't TOUCH anything!"         -
----------------------------------------------------------------------


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux