On Mon, Jun 06, 2011 at 11:31:15AM -0400, Daniel J Walsh wrote: > > 1. Preferably get rid of the text relocations. > > > +10000000 I've been in contact with the upstream author, and he is working towards that goal. In the meantime, I've compiled the C version which does use -fPIC (and happens to avoid some other bugs with the assembly version) https://admin.fedoraproject.org/updates/ocp-0.1.20-8.fc15 https://admin.fedoraproject.org/updates/ocp-0.1.20-8.fc14 https://admin.fedoraproject.org/updates/ocp-0.1.20-8.fc13 Karma appreciated :-) > > 2. If that is not possible then ask selinux-policy to add file context > > specs for the libs that need it. > > > Yes In this case, I would like to ask that the selinux-policy package remove this obsolete file context and not replace it with anything else: /usr/lib(64)?/ocp-.*/mixclip\.so -- system_u:object_r:textrel_shlib_t:s0 Should I file a bug against selinux-policy? > textrel_shlib_t usually means the developer of the library made a > mistake, and we want to cover up for it by making SELinux be quite and > just allow it. > > If you want to set the label in the post install you should execute the > semanage command. > > semanage fcontex -a -t textrel_shlib_t PATHTOSHLIB > restorecon PATHTOSHLIB I've decided to use this method for the temporary need of textrel_shlib_t on the assembly version (which can be built by using --with-i386asm, but is not built this way by default in Fedora). That way I can easily remove this later when text relocations are no longer needed (and I can switch back to the assembly version). Thanks for the input. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
