ich benutze Fedora 11 x86_64 mit nicht deaktiviertem SElinux und bekomme beim Starten des TD Clients 2.2.127 einen SElinux Security Alert:
- Code: Select all
Zusammenfassung:
SELinux is preventing TeamDrive2.i386 from loading /opt/teamdrive2/libpbvm.so
which requires text relocation.
Detaillierte Beschreibung:
The TeamDrive2.i386 application attempted to load /opt/teamdrive2/libpbvm.so
which requires text relocation. This is a potential security problem. Most
libraries do not need this permission. Libraries are sometimes coded incorrectly
and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/opt/teamdrive2/libpbvm.so to use relocation as a workaround, until the library
is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Zugriff erlauben:
If you trust /opt/teamdrive2/libpbvm.so to run correctly, you can change the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/opt/teamdrive2/libpbvm.so'" You must also change the default file context
files on the system in order to preserve them even on a full relabel. "semanage
fcontext -a -t textrel_shlib_t '/opt/teamdrive2/libpbvm.so'"
Fixer Befehl:
chcon -t textrel_shlib_t '/opt/teamdrive2/libpbvm.so'
Zusätzliche Informationen:
Quellkontext unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Zielkontext unconfined_u:object_r:usr_t:s0
Zielobjekte /opt/teamdrive2/libpbvm.so [ file ]
Quelle TeamDrive2.i386
Quellen-Pfad /opt/teamdrive2/TeamDrive2.i386
Port <Unbekannt>
Host ***********************
Quellen-RPM-Pakete
Ziel-RPM-Pakete
RPM-Richtlinie selinux-policy-3.6.12-96.fc11
SELinux aktiviert True
Richtlinienversion targeted
MLS aktiviert True
Enforcing-Modus Enforcing
Plugin-Name allow_execmod
Hostname ***********************
Plattform Linux ***********************
2.6.30.10-105.2.23.fc11.x86_64 #1 SMP Thu Feb 11
07:06:34 UTC 2010 x86_64 x86_64
Anzahl der Alarme 1
Zuerst gesehen So 25 Apr 2010 11:48:22 CEST
Zuletzt gesehen So 25 Apr 2010 11:48:22 CEST
Lokale ID c5aa3db0-ae3c-41b7-8048-743f69b18e9d
Zeilennummern
Raw-Audit-Meldungen
node=*********************** type=AVC msg=audit(1272188902.946:38659): avc: denied { execmod } for pid=8493 comm="TeamDrive2.i386" path="/opt/teamdrive2/libpbvm.so" dev=sda3 ino=411480 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=*********************** type=SYSCALL msg=audit(1272188902.946:38659): arch=40000003 syscall=125 success=no exit=-13 a0=110000 a1=19e000 a2=5 a3=ff9b5e60 items=0 ppid=8489 pid=8493 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="TeamDrive2.i386" exe="/opt/teamdrive2/TeamDrive2.i386" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Kann diese Meldung jemand bestätigen? Kann ich die Ausführung zulassen?
BigDaddy73