On Wed, 2007-05-09 at 15:55 +0200, Till Maas wrote:
> On Mi Mai 9 2007, Jakub Jelinek wrote:
>
> > DT_TEXTREL shared libraries are (almost always) a packaging bug which
> > should be fixed, not worked around by setting SELinux contexts.
> > In most cases that just means compiling all the objects that are linked
> > into the shared library with -fpic resp. -fPIC (for very large shared
> > libraries).
>
> In my case it is virtualbox, an x86 emulator. It uses code like it is described
> in http://people.redhat.com/~drepper/selinux-mem.html so I guess it is not
> (only) the -fpic stuff.

It's not, and for applications like this you aren't likely to avoid
executing writable memory. You should set the context correctly to allow
executable memory (chcon -t unconfined_execmem_exec_t). Eventually we
should avoid hard-coding contexts in the rpms but there is currently no
better solution.

> Btw. what are very large shared libraries? And
> should "-fpic" only be used when one encounters selinux problems?

Preventing relocations is not just an "selinux problem" - it is a good
idea in general and prevents certain kinds of exploits.

Karl