On Thu, 2005-01-13 at 11:23, Tom London wrote: > Understand. I see the execmod rule in base_user_macros.te. > > How can I help? > > Would it be useful for me to remove the execmod rule for > ld_so_t from there and rerun with audit=1? Something else? Yes. And also to run it under strace (in permissive mode) and collect the output to send to me. However, this looks similar to me to https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133505, except that was caused by faulty logic in the mmap/mprotect hooks. But reading the comments in that bug report suggests that ld.so is being mapped writable (in a private mapping) and modified, which would run into this execmod check. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
