Rick Stevens wrote:
On Thu, 2006-12-07 at 16:21 -0500, jim tate wrote:
Running tail -f /var/log/messages
When I execute "k9copy" w/o quotes , I get the log in /var/log/messages.
Same happens when running
as SU or user.
From What I can see , I'm having problems with Selinux. How do I fix
it? Relabel etc etc
Dec 7 12:22:35 sysresccd kernel: audit(1165512155.670:17): avc: denied {
execmod } for pid=32642 comm="k9copy" name="libk9copy.so.0.0.0" dev=hda1
ino=3892747 scontext=user_u:system_r:unconfined_t:s0
tcontext=system_ubject_r:lib_t:s0 tclass=file
Dec 7 12:22:36 sysresccd kernel: pci_set_power_state(): 0000:02:08.0:
state=3, current state=5
If you save the relative entries to a text file somewhere and run
"audit2why <name-of-text-file", it'll give you some suggestions.
Actually that will not tell you much. A much better solution would be
to run setroubleshootd. This would translate that error message to
something like the following:
Summary
SELinux is preventing k9copy from loading libk9copy.so.0.0.0 which
requires
text relocation.
Detailed Description
The k9copy application attempted to load libk9copy.so.0.0.0 which
requires
text relocation. This is a potential security problem. Most
libraries do
not need this permission. Libraries are sometimes coded incorrectly and
request this permission. The http://people.redhat.com/drepper/selinux-
mem.html web page explains how to remove this requirement. You can
configure SELinux temporarily to allow libk9copy.so.0.0.0 to use
relocation
as a workaround, until the library is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access
If you trust libk9copy.so.0.0.0 to run correctly, you can change the
file
context to textrel_shlib_t. "chcon -t textrel_shlib_t
libk9copy.so.0.0.0"
The following command will allow this access:
chcon -t textrel_shlib_t libk9copy.so.0.0.0
Additional Information
Source Context user_u:system_r:unconfined_t
Target Context system_u:object_r:lib_t
Target Objects libk9copy.so.0.0.0 [ file ]
Affected RPM Packages
Policy RPM
Selinux Enabled
Policy Type
MLS Enabled
Enforcing Mode
Plugin Name plugins.allow_execmod
Host Name
Platform
Alert Count 1
Line Numbers 1
Raw Audit Messages
avc: denied { execmod } for comm="k9copy" dev=hda1 name="libk9copy.so.0.0.0"
pid=32642 scontext=user_u:system_r:unconfined_t:s0 tclass=file
tcontext=system_u:object_r:lib_t:s0
Jim
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- "OK, so you're a Ph.D. Just don't TOUCH anything!" -
----------------------------------------------------------------------
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list