"Gelöst" SElinux Alert: libpbvm.so requires text relocation

Questions and information regarding the Linux desktop client - Fragen und Informationen zum Linux Desktop-Client

"Gelöst" SElinux Alert: libpbvm.so requires text relocation

Postby BigDaddy73 » 25 Apr 2010, 12:23

Hallo zusammen,

ich benutze Fedora 11 x86_64 mit nicht deaktiviertem SElinux und bekomme beim Starten des TD Clients 2.2.127 einen SElinux Security Alert:

Code: Select all
Zusammenfassung:

SELinux is preventing TeamDrive2.i386 from loading /opt/teamdrive2/libpbvm.so
which requires text relocation.

Detaillierte Beschreibung:

The TeamDrive2.i386 application attempted to load /opt/teamdrive2/libpbvm.so
which requires text relocation. This is a potential security problem. Most
libraries do not need this permission. Libraries are sometimes coded incorrectly
and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/opt/teamdrive2/libpbvm.so to use relocation as a workaround, until the library
is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Zugriff erlauben:

If you trust /opt/teamdrive2/libpbvm.so to run correctly, you can change the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/opt/teamdrive2/libpbvm.so'" You must also change the default file context
files on the system in order to preserve them even on a full relabel. "semanage
fcontext -a -t textrel_shlib_t '/opt/teamdrive2/libpbvm.so'"

Fixer Befehl:

chcon -t textrel_shlib_t '/opt/teamdrive2/libpbvm.so'

Zusätzliche Informationen:

Quellkontext                  unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Zielkontext                   unconfined_u:object_r:usr_t:s0
Zielobjekte                   /opt/teamdrive2/libpbvm.so [ file ]
Quelle                        TeamDrive2.i386
Quellen-Pfad                  /opt/teamdrive2/TeamDrive2.i386
Port                          <Unbekannt>
Host                          ***********************
Quellen-RPM-Pakete           
Ziel-RPM-Pakete               
RPM-Richtlinie                selinux-policy-3.6.12-96.fc11
SELinux aktiviert             True
Richtlinienversion            targeted
MLS aktiviert                 True
Enforcing-Modus               Enforcing
Plugin-Name                   allow_execmod
Hostname                      ***********************
Plattform                     Linux ***********************
                              2.6.30.10-105.2.23.fc11.x86_64 #1 SMP Thu Feb 11
                              07:06:34 UTC 2010 x86_64 x86_64
Anzahl der Alarme             1
Zuerst gesehen                So 25 Apr 2010 11:48:22 CEST
Zuletzt gesehen               So 25 Apr 2010 11:48:22 CEST
Lokale ID                     c5aa3db0-ae3c-41b7-8048-743f69b18e9d
Zeilennummern                 

Raw-Audit-Meldungen           

node=*********************** type=AVC msg=audit(1272188902.946:38659): avc:  denied  { execmod } for  pid=8493 comm="TeamDrive2.i386" path="/opt/teamdrive2/libpbvm.so" dev=sda3 ino=411480 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file

node=*********************** type=SYSCALL msg=audit(1272188902.946:38659): arch=40000003 syscall=125 success=no exit=-13 a0=110000 a1=19e000 a2=5 a3=ff9b5e60 items=0 ppid=8489 pid=8493 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="TeamDrive2.i386" exe="/opt/teamdrive2/TeamDrive2.i386" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)


Kann diese Meldung jemand bestätigen? Kann ich die Ausführung zulassen?

BigDaddy73
Last edited by BigDaddy73 on 03 May 2010, 10:28, edited 1 time in total.
BigDaddy73
 
Posts: 5
Joined: 25 Apr 2010, 12:02

Re: SElinux Alert: libpbvm.so requires text relocation

Postby EPruehs » 26 Apr 2010, 10:50

Sie können die Ausführung zulassen.

Mfg. E. Prühs
EPruehs
TeamDrive Team Member
 
Posts: 169
Joined: 17 Jul 2008, 18:05

Re: SElinux Alert: libpbvm.so requires text relocation

Postby BigDaddy73 » 26 Apr 2010, 13:53

Danke. Ich habe

Code: Select all
chcon -t textrel_shlib_t '/opt/teamdrive2/libpbvm.so'

als root ausgeführt und das Programm startet nun ohne weitere Alerts.
BigDaddy73
 
Posts: 5
Joined: 25 Apr 2010, 12:02


Return to Linux

Who is online

Users browsing this forum: No registered users and 6 guests

cron