On Friday 26 March 2010 10:33:50 am Stephen Smalley wrote:
> On Thu, 2010-03-25 at 15:48 -0500, Dennis Gilmore wrote:
> > On Thursday 25 March 2010 03:24:58 pm David Miller wrote:
> > > From: "Tom \"spot\" Callaway" <tcallawa@xxxxxxxxxx>
> > > Date: Wed, 24 Mar 2010 17:52:57 -0400
> > >
> > > > Attached is a patch which disables execmem for sparc. Without it,
> > > > selinux does not work at all on SPARC64.
> > > >
> > > > This patch should be reasonably non-controversial, because this is
> > > > already being done for PPC32.
> > > >
> > > > Tested-by: Tom "spot" Callaway <tcallawa@xxxxxxxxxx> (Ultra 10,
> > > > T5220)
> > > >
> > > > Dennis Gilmore <dgilmore@xxxxxxxxxx>
> > > >
> > > > Signed-off-by: Tom "spot" Callaway <tcallawa@xxxxxxxxxx>
> > >
> > > What is the reason why it doesn't work, I'm just curious?
> > >
> > > Is there some dependency upon executable stacks or executable data
> > > segments always working? Why can't SELINUX protect be used with
> > > that correctly?
> >
> > What happens is that almost all binaries end up with execmem set and
> > SELinux prevents them from running. The system fails to even get close
> > to coming up in a usable state.
> >
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.160:3): avc: denied
> > { execmem } for pid=208 comm="consoletype"
> > scontext=system_u:system_r:consoletype_t:s0
> > tcontext=system_u:system_r:consoletype_t:s0 tclass=process
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.315:4): avc: denied
> > { execmem } for pid=211 comm="hostname"
> > scontext=system_u:system_r:hostname_t:s0
> > tcontext=system_u:system_r:hostname_t:s0 tclass=process
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.520:5): avc: denied
> > { execmem } for pid=213 comm="mount"
> > scontext=system_u:system_r:mount_t:s0
> > tcontext=system_u:system_r:mount_t:s0 tclass=process
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.570:6): avc: denied
> > { execmem } for pid=203 comm="readahead-colle"
> > scontext=system_u:system_r:readahead_t:s0
> > tcontext=system_u:system_r:readahead_t:s0 tclass=process
> >
> > is a small sample of the logs you get; not everything fails, but almost
> > everything.
>
> I think we need to understand why this is happening - it usually
> reflects a toolchain problem (that was the case in the ppc32 situation,
> and was later fixed in Fedora through an updated toolchain and rebuilt
> userland). eu-readelf -l /bin/hostname shows what?
eu-readelf -l /bin/hostname
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz  MemSiz   Flg Align
  PHDR           0x000034 0x00010034 0x00010034 0x000100 0x000100 R E 0x4
  INTERP         0x000134 0x00010134 0x00010134 0x000013 0x000013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x00010000 0x00010000 0x002204 0x002204 R E 0x10000
  LOAD           0x002204 0x00022204 0x00022204 0x000284 0x0002ac RWE 0x10000
  DYNAMIC        0x002218 0x00022218 0x00022218 0x0000d0 0x0000d0 RW  0x4
  NOTE           0x000148 0x00010148 0x00010148 0x000044 0x000044 R   0x4
  GNU_EH_FRAME   0x002110 0x00012110 0x00012110 0x00003c 0x00003c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x000000 0x000000 RW  0x4

 Section to Segment mapping:
  Segment Sections...
   00
   01      [RO: .interp]
   02      [RO: .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .text .fini .rodata .eh_frame_hdr .eh_frame]
   03      .ctors .dtors .jcr .dynamic .got .plt .data .bss
   04      .dynamic
   05      [RO: .note.ABI-tag .note.gnu.build-id]
   06      [RO: .eh_frame_hdr]
   07

> > > And since we're touching selinux code we need to at a minimum
> > > CC: them so they can have a look at your change.
> > >
> > > --------------------
> > > diff -up linux-2.6.32.noarch/security/selinux/hooks.c.mprotect-sparc
> > > linux-2.6.32.noarch/security/selinux/hooks.c ---
> > > linux-2.6.32.noarch/security/selinux/hooks.c.mprotect-sparc 2010-03-10
> > > 08:28:20.957571926 -0500 +++
> > > linux-2.6.32.noarch/security/selinux/hooks.c 2010-03-10
> > > 08:29:15.732698763 -0500 @@ -3010,7 +3010,7 @@ static int
> > > file_map_prot_check(struct fi
> > >
> > > const struct cred *cred = current_cred();
> > > int rc = 0;
> > >
> > > -#ifndef CONFIG_PPC32
> > > +#if !defined(CONFIG_PPC32) && !defined(CONFIG_SPARC)
> > >
> > > if ((prot & PROT_EXEC) && (!file || (!shared && (prot &
> > > PROT_WRITE)))) {
> > >
> > > /*
> > >
> > > * We are making executable an anonymous mapping or a
> > >
> > > @@ -3082,7 +3082,7 @@ static int selinux_file_mprotect(struct
> > >
> > > if (selinux_checkreqprot)
> > >
> > > prot = reqprot;
> > >
> > > -#ifndef CONFIG_PPC32
> > > +#if !defined(CONFIG_PPC32) && !defined(CONFIG_SPARC)
> > >
> > > if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
> > >
> > > int rc = 0;
> > > if (vma->vm_start >= vma->vm_mm->start_brk &&
> > >
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe sparclinux"
> > > in the body of a message to majordomo@xxxxxxxxxxxxxxx
> > > More majordomo info at http://vger.kernel.org/majordomo-info.html
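Review bot: in the file_map_prot_check hunk, the new guard `+#if !defined(CONFIG_PPC32) && !defined(CONFIG_SPARC)` compiles the execmem check out of every SPARC kernel, 32-bit as well as 64-bit, although the cover letter only reports the failure on SPARC64, and no comment records why the architecture is exempted. The eu-readelf output in this message shows the actual trigger: /bin/hostname carries a LOAD segment with RWE flags, so the loader's private writable and executable file mapping hits exactly the `(prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))` test in the context lines. That is a property of the binaries, which the thread itself attributes to the toolchain, not of the hook, and removing the check drops execmem enforcement for every domain on the architecture rather than for the binaries that need it. If the exemption stays, add a comment above the `#if` saying it works around RWE data segments produced by the current SPARC toolchain, so it can be reverted once the toolchain and userland are rebuilt.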
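Review bot: the selinux_file_mprotect hunk repeats the same `#if !defined(CONFIG_PPC32) && !defined(CONFIG_SPARC)` literally, so the two sites can drift apart the next time an architecture is added or removed; factor the condition into a single macro or Kconfig symbol (name is the submitter's choice) and use it at both sites. Note also that this second site guards the mprotect path, starting with the heap test `if (vma->vm_start >= vma->vm_mm->start_brk &&` in the context lines and the checks that follow it, whereas every denial quoted in the thread is an execmem denial from the mapping path, so this hunk disables more than the logs show to be failing.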
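The following is an added example, not code from the thread, from the kernel, or from the patch under discussion. It implements in Python the diagnostic Stephen asks for: read an ELF file's program headers the way `eu-readelf -l` does and report the header properties that make SELinux deny execmem (a LOAD segment that is both writable and executable, which the loader maps private, writable and executable) or execstack (PT_GNU_STACK absent or marked executable) for every process that loads the object, regardless of policy. That is the check that separates a toolchain problem, fixed by rebuilding the binaries, from a policy problem, and it is worth running before reaching for a kernel-side exemption. The function names, the `build_elf` helper and the embedded sample image (an ELF32 big-endian SPARC image carrying the two LOAD segments and the GNU_STACK header from the eu-readelf output above) are assumptions constructed for this example.

```python
import struct
import sys

# Program header types and flags from the ELF specification.
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4


def parse_program_headers(data):
    """Return the program headers of an ELF image as a list of dicts.

    Handles ELF32 and ELF64 in either byte order; only the fields needed to
    reproduce the eu-readelf -l view are decoded.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    e = {1: "<", 2: ">"}[ei_data]  # EI_DATA: 1 = little-endian, 2 = big-endian
    if ei_class == 1:  # ELFCLASS32: e_phoff at 0x1c, e_phentsize/e_phnum at 0x2a
        (e_phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 0x2A)
        fmt = e + "IIIIIIII"
        fields = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")
    elif ei_class == 2:  # ELFCLASS64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        (e_phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 0x36)
        fmt = e + "IIQQQQQQ"
        fields = ("type", "flags", "offset", "vaddr", "paddr", "filesz", "memsz", "align")
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    if e_phentsize < struct.calcsize(fmt):
        raise ValueError("e_phentsize too small for this ELF class")
    return [dict(zip(fields, struct.unpack_from(fmt, data, e_phoff + i * e_phentsize)))
            for i in range(e_phnum)]


def flags_str(flags):
    """Render p_flags the way eu-readelf's Flg column does, e.g. 'R E' or 'RWE'."""
    return "".join(c if flags & bit else " "
                   for bit, c in ((PF_R, "R"), (PF_W, "W"), (PF_X, "E")))


def execmem_findings(phdrs):
    """List the header properties that make SELinux deny execmem/execstack for
    every process that maps this object, independent of the loaded policy."""
    findings = []
    gnu_stack = None
    for i, ph in enumerate(phdrs):
        if ph["type"] == PT_LOAD and ph["flags"] & PF_W and ph["flags"] & PF_X:
            # The loader maps this segment private, writable and executable:
            # the case file_map_prot_check turns into an execmem check.
            findings.append("LOAD segment %d is RWE (vaddr 0x%x)" % (i, ph["vaddr"]))
        elif ph["type"] == PT_GNU_STACK:
            gnu_stack = ph
    if gnu_stack is None:
        findings.append("no PT_GNU_STACK header: stack executability falls back "
                        "to the architecture default")
    elif gnu_stack["flags"] & PF_X:
        findings.append("PT_GNU_STACK requests an executable stack")
    return findings


def build_elf(ei_class, ei_data, machine, segments):
    """Construct a minimal ELF image (header plus program headers, no section
    table) from (type, offset, vaddr, filesz, memsz, flags, align) tuples.
    Only used here to embed a sample; real input is read from a file."""
    e = {1: "<", 2: ">"}[ei_data]
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    if ei_class == 1:
        ehsize, phentsize = 52, 32
        hdr = ident + struct.pack(e + "HHIIIIIHHHHHH", 2, machine, 1, 0, ehsize, 0, 0,
                                  ehsize, phentsize, len(segments), 0, 0, 0)
        body = b"".join(struct.pack(e + "IIIIIIII", t, off, va, va, fsz, msz, fl, al)
                        for t, off, va, fsz, msz, fl, al in segments)
    else:
        ehsize, phentsize = 64, 56
        hdr = ident + struct.pack(e + "HHIQQQIHHHHHH", 2, machine, 1, 0, ehsize, 0, 0,
                                  ehsize, phentsize, len(segments), 0, 0, 0)
        body = b"".join(struct.pack(e + "IIQQQQQQ", t, fl, off, va, va, fsz, msz, al)
                        for t, off, va, fsz, msz, fl, al in segments)
    return hdr + body


# Constructed sample: ELF32, big-endian, EM_SPARC (2), carrying the two LOAD
# segments and the GNU_STACK header shown by eu-readelf -l /bin/hostname above.
SAMPLE_ELF = build_elf(1, 2, 2, [
    (PT_LOAD, 0x000000, 0x00010000, 0x002204, 0x002204, PF_R | PF_X, 0x10000),
    (PT_LOAD, 0x002204, 0x00022204, 0x000284, 0x0002AC, PF_R | PF_W | PF_X, 0x10000),
    (PT_GNU_STACK, 0, 0, 0, 0, PF_R | PF_W, 4),
])


def report(data):
    """Print a short eu-readelf-like listing plus the findings; return the findings."""
    phdrs = parse_program_headers(data)
    for ph in phdrs:
        print("  type=0x%08x vaddr=0x%08x memsz=0x%06x %s"
              % (ph["type"], ph["vaddr"], ph["memsz"], flags_str(ph["flags"])))
    findings = execmem_findings(phdrs)
    for f in findings:
        print("  !! " + f)
    return findings


if __name__ == "__main__":
    # Usage: python3 elfcheck.py /bin/hostname   (no argument: the embedded sample)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ELF
    sys.exit(1 if report(image) else 0)
```

Run over a whole directory of an affected installation, the non-zero exit status gives a quick inventory of which binaries the toolchain emitted with RWE data segments, which is the list that needs rebuilding; a clean inventory with denials still present points at policy instead.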