On 01/30/2015 05:15 PM, Stephen Smalley wrote:
While this obviously shouldn't hang, it is definitely wrong for this library to be invoking chcon on the .so file. The label should be set when the .so file is first installed, preferably by rpm itself by adding a file_contexts entry via semanage fcontext -a followed by a restorecon call in the %post scriptlet. Can you bug the author of the closed-source library to fix their package?
I mailed them and waiting for an answer, but I guess that they are doing so as a workaround because they need to dlopen it and they are unable to do so.
The version of selinux is the default provided by centos6.4. I'll write back the specific detail on Monday. I don't have access to the machine outside of office hours.
I tried to produce some code that simulate what I think it might happen in the closed source library, but I was unable to reproduce the problem. My assumption was that a separate thread was issuing a dlopen and then the chcon, but besides the fact that I don't see how this may lead to chcon hanging, it failed to produce any problem.
I also tried to reproduce the issue on another centos6.4 installation without success. However, we already encountered this hang condition in two unrelated customers, so it's not a random fluke.
-- Stefano Borini QuantumWise A/S _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
